
02/06/05: MySQL Ups and Downs

I'm going to roll these two stories into one, as eWEEK should have done.

"Analysis Finds MySQL Code Low on Bugs" has good news about MySQL's bugs:lines-of-code ratio, while "MySQL Criticized in Wake of MySpooler Worm" suggests a secure-by-default stance should be taken.

I actually agree with both. We cannot give open source software a break when it comes to security. If we let things slide, then quality will slide.

I believe MySQL AB will make this change. Security flaws, after all, whether they result from bad coding or merely bad policy, are a stigma you do not want associated with your product.

Coverity Inc., the company that performed the code analysis on MySQL, seemed to be more impressed with the speed at which the bugs they did find were fixed.

"We gave them the results about two weeks ago," Hallem said. "They had them all addressed in two days. It was a very fast turnaround."

I am impressed by Coverity's report, but coding is not MySQL's weakness. It is trusting people to secure themselves. It is not a lot to ask, but too much to expect.


