On Mon, Nov 16, 2009 at 5:25 AM, Melvyn Sopacua <msopa...@warp10.thruhere.net> wrote:
> On Mon, 16 Nov 2009 08:53:26 +0530, Kenneth Gonsalves <law...@au-kbc.org>
> wrote:
> > On Monday 16 Nov 2009 6:50:10 am Christophe Pettus wrote:
> >> On Nov 15, 2009, at 5:10 PM, Kenneth Gonsalves wrote:
> >> > I do also point out to plone vs drupal, but there again the
> >> > argument is the drupal is more widely used and hence has more
> >> > observable vulnerabilities. It does not sound logical.
> >>
> >> I don't think that anyone is seriously arguing that a piece of
> >> software being widely adopted somehow creates new security
> >> vulnerabilities in it. I believe the assumption is that all software
> >> of a given level of complexity has roughly the same number of
> >> vulnerabilities, either exposed or hidden. Thus, the more used a
> >> piece of software, the more attention the bad guys give it, and thus
> >> the more of those hidden security problems become exposed.
> >>
> >
> > it is precisely this assumption that does not seem logical to me. But
> > frankly I do not know how to counter it ;-)
>
> It is quite simple. Say you write a letter. You proofread the result.
> You give it to someone else to proofread and it's likely he/she finds
> a few more typos. The longer the letter, the more mistakes you'll
> make (absolute), while the percentage might stay the same.
> The more eyes look at it, the better your chances are that you will
> send a flawless letter.
> Now, the question arises whether a program is more secure if it has
> more exposure (proofreaders) or less and a bit of both is true.
> The more proofreaders the less chance a bug remains, yet since
> exploiting the bug requires knowledge to be shared and/or
> incorporated into attack software, the chance that *you* as a user
> gets exploited through one of these bugs lessens.
> Think of this as the difference between a cabin in the mountains,
> no locks on the door and a 5 mile steep hike to get there, versus
> a bank downtown. Obviously, the bank is more secure, yet it's
> much less likely that someone will try and rob the cabin.
>

Metaphors are messy and tend to break down. There may be more spelling mistakes in the Drupal letter, but that is because it is a letter and django is an alphabet...