[Linux-aus] Post in ZDnet re: Heartbleed
Brianna Laugher
brianna.laugher at gmail.com
Mon Apr 14 23:47:17 EST 2014
Testing "programs like OpenSSL as if no source were available" is a good
idea. But it's a weird question to ask, because if OpenSSL wasn't open
source, it probably wouldn't be as widely used as it is, and therefore the
impact of the bug would be far less.
Also, it's a weirdly tone-deaf article given the recent Apple goto-fail.
Everyone is in a glass house, software is hard!
cheers,
Brianna
On 14 April 2014 22:37, Kathy Reid <kathy at kathyreid.id.au> wrote:
> Hi everyone,
>
> There's a post on ZDnet that posits that OpenSSL benefitted little from
> being open source;
> http://www.zdnet.com/did-open-source-matter-for-heartbleed-7000028378/
> I strongly disagree with a lot of the points in the article, but am
> interested in the thoughts of others.
>
> * If OpenSSL wasn't open source, the vulnerability may never have been
> found
> * The CVE was dealt with transparently and openly
> * The patch was freely available when the CVE was made public
> * The specific code vulnerability, now patched, will make other C codes
> more secure as people learn from the error
>
> --
>
> Kathy Reid
> kathy at kathyreid.id.au
> 0418 130 636
> @kathyreid
>
--
They've just been waiting in a mountain for the right moment:
http://modernthings.org/