[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
David Goodwin
david at codepoets.co.uk
Wed Apr 9 08:55:57 UTC 2014
> Not really. There's been shedloads of vulnerabilities over the last
> 12-odd years since I've been using FOSS. Most community members like
> to narrow the field of focus, citing the kernel as the holy grail of
> security while ignoring such things as SQL injections, browser
> compromises, SSL vulnerabilities, etc.
>
> The only thing we do do better in the community than Microsoft is that we
> plug the holes quicker. :-)
>
My opinion is that all code contains bugs.
The density of such bugs is unlikely to be significantly different
between closed and open source, as studies have shown
(http://www.coverity.com/press-releases/annual-coverity-scan-report-finds-open-source-and-proprietary-software-quality-better-than-industry-average-for-second-consecutive-year/).
In an ideal world, open source code would get reviewed more and become
more secure.
However, it is difficult and non-trivial to review a complex
component like OpenSSL.
Microsoft/Oracle/whoever will have similar bugs - however, they can
silently patch them without the world knowing ("bug fixes").
David