[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

Peter Cannon dick_turpin at archlinux.us
Wed Apr 9 09:14:58 UTC 2014


On 09/04/14 09:55, David Goodwin wrote:

> My opinion is that all code contains bugs.
>
> The density of such bugs is unlikely to be significantly different
> between closed and open source as studies have shown.
> (
> http://www.coverity.com/press-releases/annual-coverity-scan-report-finds-open-source-and-proprietary-software-quality-better-than-industry-average-for-second-consecutive-year/
> )
>
> In an ideal world, open source code would get reviewed more and become
> more secure.
> However, it becomes difficult and non-trivial to review a complex
> component like OpenSSL.
>
> Microsoft/Oracle/whoever will have similar bugs - however they can
> silently patch them without the world knowing ("Bug fixes").
>

My thoughts exactly.


-- 
Regards
Peter Cannon

IRC: dick_turpin @ freenode.net
https://twitter.com/dick_turpin
http://www.cannon-linux.co.uk
https://plus.google.com/100694334141523232451/posts
Podcast: http://tdtrs.co.uk
"There is every excuse for not knowing
There is no excuse for not asking"


