Security For Open Source Web Projects?

PoissonPilote writes "I'm currently developing a multi-player, browser-based game, using the good old HTML, JavaScript, PHP, and MySQL combination. Progress is good so far, and the number of players is slowly but steadily increasing. At the beginning of the project, I decided to put the entirety of my game under the MIT license, so that anyone could study the code or even start their own server for the game. However, with the increasing popularity of my project, I am starting to worry about security issues. Even though I consider myself decent at web development and am pretty sure I'm not making any classic mistakes (SQL injection, cross-site scripting, URL forgery, etc.), I am no web security expert. I didn't find any relevant examples to compare my game to, as most open source games are written in a compiled language, and no web server is at stake in those cases. Some web developer friends told me not to release the source code at all; others told me to release it only when the game will be shut down. Naturally, I'm not satisfied by either of these solutions. What approach would you recommend?"

Solution:

[Anonymous Coward]

Use VB 6.0 MS-SQL Server 2000 and IIS 5.0, can't go wrong there.

Re:license has nothing to do with security

[AnonymousClown]

Oh please. I took the special PHB IT security class and they told us how Open Source allows the bad guys to see all the APIs that allows one to break in. Such as: BreakInThoughTheBack, SQLInjectTion, GetAroundEcrytpion, and ReplaceLegitimatCodeHere classes.

They had PowerPoint slides and everything so they knew what they were talking about!

No sir! Closed obfuscated source for me!

Re:license has nothing to do with security

[PrecambrianRabbit]

$ grep vulnerability *.c | wc -l
0

Everything seems fine here to me...