Please select at least on criteria below to generate a code
O++
O+
O
O-
O--
!O
S++
S+
S
S-
S--
!S
I+++
I++
I+
I
I-
I--
!I
C+++
C++
C+
C
C-
C--
!C
E+++
E++
E
E-
E--
E---
E----
!E
M!
M+
M
M-
M--
M---
!M
V!
V++
V+
V-
V--
V---
!V
PS++
PS
PS-
PS--
PS---
!PS
!D
D++
D+
D
D-
D--
D---
Ownership
Public Domain | MIT | Apache
Copyleft
We own it. But if we go under you get the source code.
We own it. You get a license we can revoke at any time.
We own it. We don't sell it. You can only rent it.
You use our appliance / cloud service.
Source Code
The source code is public and you can change it.
The source code is public.
The source code leaked a while ago.
We let your government view the source code.
The source code is secret.
We lost the source code.
Intent, Confidence
I make actual guarantees.
I have done this multiple times before. I know what I am doing.
I had to adopt the design a bit over time.
I tried to avoid security bugs while writing this.
Look, they paid me to do this.
The guy left. Code now maintained by a team in India.
I have no idea what I'm doing.
Correctness
We have a correctness proof and you can understand/verify it.
We have a correctness proof.
No open bugs, 100% test coverage and we do regular code audits.
We try to fix bugs that our users tell us about.
We have a bug backlog.
At some point we are planning to have a bug tracking system.
That's not really a bug, that's just a crash!
Engineering / Design
Least Privilege, Privilege Separation, TCB minimised.
We sandbox ourselves away so nothing bad can happen.
We try to detect bad arguments
Well..., we fix bugs. That's good, right?
We just do what we are told. You call us wrong, that's on you!
We run as root / in the kernel.
We sell it as appliance so you don't see how bad it is.
We do a daily AI malware scan of our blockchain.
Maintenance
Author is Don Knuth / Dan Bernstein. Makes no mistakes.
Project ist feature complete, gets occasional security updates.
Project gets updated regularly.
People send pull requests / patches to mailing list.
Vendor publishes quarterly patch roundup with 512 fixes each.
Author killed project. Unofficial forks / backups still around.
Author left / dead, project abandoned.
Volatility
Software is perfect, needed no updates since 1993.
Like V+ but has a way to notify you of new versions.
Regular patches and updates but you can't tell the difference.
Updating is such a hassle that back-porting patches is a thing.
The new version broke so much, most people use the old one.
Agile. 5 updates/day, half of them break production.
Support ended.
Protocol / Spec
The spec is public, short and precise.
The spec is OK but interoperability is a bitch.
The spec is so large, nobody implemented all of it.
The spec cannot be implemented securely.
There is a spec but it's paywalled.
The author made it up as he went.
Dependencies
No dependencies. You boot your image directly.
We depend only on things that come with the system.
We depend on sqlite and libz.
We use somebody's Docker image from the Internet.
We don't even have a list of the dependencies.
We load extensions dynamically from the Internet.
Uses vendor specific lock-in APIs/features.