The BBC is running a story on the Firefox commemorative coins. What interests me about this story, especially in the light of my recent post about a new vulnerability in Firefox, is the assertion that OSS projects are less affected by security issues than commercial products:
It has so far not had as many security problems as IE, and when there has been a problem, it has taken less time to fix because it is an open source piece of software.
This means that anyone with the right skills can access and modify the code.
There is a significant problem with this statement. OSS projects just do not work this way. Only a limited number of people can commit changes and release new versions of the software, so OSS projects can be just as resource constrained as commercial ones, if not more so. So any assumption that they will automatically have more resources to put on a problem is flawed. Firefox is not without its resource issues as a project.
I’m not against OSS. In fact I have been an active contributor to NUnitForms, but we really need to explode some of these mythical statements about supposed advantages of OSS. The ‘many hands’ theory is just one of the most pervasive of them.