I was wondering about the security of open source software such as Apache, Mozilla, Sendmail, etc. I mean if they are open source then anybody could look at the code, look for holes and bugs and then exploit them for malicious purposes. Is this something that happens a lot? Or are there measures to prevent this sort of abuse?

there are no measures to prevent this thats why it is open source... but as bugs are found they are patched wich leads to greater security...

heres an example of how full of **** microsoft is... there is an exploit that has been flaoting arround for a couple years that grabs passwords for netbios shares a feture used in many home networks, do you think microsoft patched this in XP no way sorry ther microsoft just doesnt give a **** about security

its at least as secure or better than anything MS puts out.

Yes, but I mean is the fact that the source code is available for scrutiny a problem?

> is the fact that the source code is available for scrutiny a problem?

Not usually - a lot of times, people that find the security holes will actually report back to the company and they'll fix it...

That's good news. But are there any known cases of the holes being exploited for bad? There's the Unix worm, but I don't think that would count.

> But are there any known cases of the holes being exploited for bad?

I'm sure there are, but, AFAIK, security's not a huge problem for open-source programs, at least how you're talking about it.