[Sandy Harris]
> A rather scary article:
> http://www.itworld.com/article/2936575/security/software-applications-have-on-average-24-vulnerabilities-inherited-from-buggy-components.html

I find the article mostly stupid, I must admit. It keeps repeating that the problem is caused by the use of open source components, while in reality the situation is worse when using proprietary components, at least based on my experience in both free and proprietary software development. Using old software components is a risk, and in the free software world it is easier to get access to the new components.

> Does the current Fbox implementation use Java? Should we eliminate it
> as a matter of necessary security policy? If not, how can we deal with
> these issues?

As far as I know, nothing in the current Freedombox uses Java. But that is really beside the point.

> Are other things we use also high-risk? Javascript? Perl? Python? ...?

If you claim using high level programming languages like Javascript, Perl and Python is an especially high risk, I believe you have misunderstood something. If you do not claim this, I fail to understand what you mean. The free software implementations of Perl and Python are of very high quality compared to proprietary software according to yearly reports from Coverity. Javascript has several implementations, so it is not possible to make a sensible general statement about its quality.

--
Happy hacking
Petter Reinholdtsen
