[Bush2000]

You also don't the get programmer comments when you decompile/ deduce...

Yep, and knowing the size of buffers and how they're parsed makes it that much easier to launch a buffer overrun attack on open source code...

[discostu]

I'm glad somebody is doing a paper on this. It's always made sense to me. I remember Mitnik's big obsession was always getting the source, now why in the world would a hacker want to get the source code? Maybe to figure out how the security is written?! Nah couldn't be.

[TechJunkYard]

You also don't the get programmer comments when you decompile/ deduce...

Yep, and knowing the size of buffers and how they're parsed makes it that much easier to launch a buffer overrun attack on open source code...

Aha,, so explain how all of those buffer exploits in Microsoft's closed code get discovered.

[Crispy]

"Yep, and knowing the size of buffers and how they're parsed makes it that much easier to launch a buffer overrun attack on open source code..."

The thing with open source is that if a buffer overrun was discovered or another major exploit, you can pretty much rest assured that there will be a patch within hours.

I am not a big Microsoft basher but I think the whole premise that open source is less secure is rediculous.