One of the arguments anti-open sourcers often try to advance is that open source has just as many security holes as closed source software. On top of that one, the anti-OSS folks then go on to say that once open source software is as widely used as its closed source equivalents, it’ll suffer just as many attacks. Now, I’ve argued before that this is a wrong-headed attitude, at least as far as email viruses are concerned, and I think the fact that Apache is the most widely used Web server in the world, yet sees only a fraction of the constant stream of security disasters that IIS does, pretty much belies the argument.
Now a blogger named sacarny has created a timeline detailing a vulnerability that was found in Mozilla and the time it took to fix it. It starts on July 7, at 13:46 GMT, and ends on July 8, at 21:57 GMT – in other words, it took a little over 24 hours for the Mozilla developers to fix a serious hole. And best of all, the whole process was open and documented. Sure, open source has bugs – all software does – but they tend to get fixed. Fast.