No, it's not a competition or something... actually it probably is, but this is just an MSDN blog post title:
The Security Development Lifecycle : The Open Source Quality Challenge
It links to this blog referring to the recent multiple quick patches in Firefox: http://www.cs.columbia.edu/~smb/blog//2009-04/2009-04-29.html
Steve refers to fixing bugs in a way that implies that just fixing bugs improves security. Our experience is that fixing bugs is not enough - you have to use tools and processes that specifically prevent security bugs from getting into the code in the first place.
If the open source movement is to fulfill its promise, it needs to solve its buggy code problem. We have several decades of experience that teach us there are no magic solutions or tools that will solve that problem. We're going to have to do it the hard way.