How Software is Built

A blog forum to provide deep dive analysis and community conversations about software development models.
Filed under Uncategorized

There’s a good article on LinuxWorld about the security debate between open-source and Windows. My first question is, does it need to be a debate? In this day and age, isn’t it easy enough to quantify vulnerabilities?

If you are looking for subjective opinion, I recommend looking through the interviews we’ve done here. At the risk of sounding like a Microsoft fan-boy, the Microsoft interviews (in my opinion) demonstrate a company where secure coding is “in the water”. Code goes through threat modeling, risky function calls have simply been banned, code goes through automated and human inspection, and vulnerabilities that do slip through feed back into the process to determine how to prevent them in the future.

I simply don’t get the same feeling from the open-source people we’ve talked to. When we’ve brought the subject up, the response is almost universally “many eyeballs,” and faith (without data) that “many eyeballs” is effective.

Am I completely off base? Do things like the Linux kernel and Apache go through rigorous security reviews? Is there proof that “many eyeballs” in open source is at least as good as something like the Security Development Lifecycle in Microsoft? If you’re in a position to know, let’s chat!

Comments (3) Posted by scottswigart on Friday, October 12th, 2007

Filed under Sean Campbell

Interviewers: Scott Swigart, and Sean Campbell

Interviewee: John McCreesh - Open Office

John McCreesh

In this interview with John, the Marketing Program Lead for Open Office, we asked him about:

Continue reading…

Comments (6) Posted by campsean on Sunday, August 5th, 2007

Filed under Uncategorized

Interviewers: Scott Swigart, Richard Bowler, and Sean Campbell

Interviewee: Marc Miller

In this interview, we spoke with Marc Miller about his views on the current state of open source software. Marc works for Advanced Micro Devices (AMD), and in January he took on a role as the open source software evangelist in the AMD Developer Outreach organization, enabling Linux kernel and application developers to develop optimized code using both AMD and third-party tools and resources. In his role as a Software Alliance Manager for AMD from 2001 to 2006, Mr. Miller played a significant role in developing a Linux marketing strategy focused on integrating AMD technology with software tools developed by the open source community and industry partners. Throughout his career at AMD, Marc has been a key contact for open source developers wishing to work with AMD, and has been an open source ambassador for AMD, helping to coordinate outbound and inbound communication between AMD and Linux developers.

In this interview Marc talks about:

Continue reading…

Comments (0) Posted by scottswigart on Tuesday, July 10th, 2007