Bug

Bug Bounties Don't Help If Bugs Never Run Out 235

Posted by Soulskill
from the trying-to-bail-the-ocean dept.
Bennett Haselton writes: "I was an early advocate of companies offering cash prizes to researchers who found security holes in their products, so that the vulnerabilities can be fixed before the bad guys exploited them. I still believe that prize programs can make a product safer under certain conditions. But I had naively overlooked that under an alternate set of assumptions, you might find that not only do cash prizes not make the product any safer, but that nothing makes the product any safer — you might as well not bother fixing certain security holes at all, whether they were found through a prize program or not." Read on for the rest of Bennett's thoughts.
Python

Open-Source Python Code Shows Lowest Defect Density 187

Posted by Soulskill
from the errors-should-never-pass-silently dept.
cold fjord sends news that a study by Coverity has found open-source Python code to contain a lower defect density than any other language. "The 2012 Scan Report found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, as compared to the accepted industry standard defect density for good quality software of 1.0. Python's defect density of .005 significantly surpasses this standard, and introduces a new level of quality for open source software. To date, the Coverity Scan service has analyzed nearly 400,000 lines of Python code and identified 996 new defects — 860 of which have been fixed by the Python community."

Comment: Re:you've got to be kidding me (Score 1) 71

Vim? Joining 10 tables is a ballache in terms of typing, but it's not actually /hard/ - any more than writing a function with 10 statements is hard. You just need to step away from the ORM long enough to realise that actually relational databases are perfectly logical and easy (well, as easy as any other programming) despite what various frameworks have screamed at you for years.

Comment: Re:Or (Score 1) 248

by Tim C (#43157661) Attached to: Testing an Ad-Free Microtransaction Utopia
You wouldn't, and that's the problem I have with most of the "go back to the good old days!" posts. That only works if the cost of hosting the site is cheap enough to fall into a person's "hobby-level expenditure". Anything even remotely popular is going to cost orders of magnitude more than that; that requires either direct payment, corporate ownership, or corporate sponsorship - the most common form of which is advertising.
