Contributed by Dengue on from the daemons-you-can-trust dept.
After looking over the information at the TrustedBSD project site, I see nothing there about a source code audit...
I won't deny the usefulness of ACLs, etc., but how secure can your system be if it is susceptible to buffer overflows and race conditions? Here's another question: at what point (i.e., lines of code, number of programmers, levels of complexity) does a project become effectively un-auditable? I can think of a number of projects, mostly Microsoft ones, whose gargantuan size prohibits any effective level of auditing, but what about open source projects? When does it get out of control?