[HLUG] Herefordshire Digest, Vol 1758, Issue 1
Kevin Dontenville
kevin at opensure.net
Fri Sep 26 12:59:09 UTC 2014
What is sad is that many people will equate these issues with open source development. I think this is just what happens when programming using small or narrow groups of people that by definition have limited skills.
What scares me more is when I imagine what is hiding in the software in the proprietary world that is unfixable and unviewable. It may be hidden from general review but not from criminal reverse engineering and input/response analysis such as the wealthy and powerful criminal organizations, the NSA etc. will use. Flash is a great example! What it does is hide or at least obscure the opportunity to fix it or have a chance of review.
The reason these recent bugs are coming out is the increase in focus on security that is possible with FOSS and OSS generally because of the dependence on safe computing in a dangerous world.
BTW we are on top of the updates for the HLUG site; the first were applied a few days ago. Worth noting Debs dash doesn't have the vulnerability, nor it seems BSD, so once again FOSS has more than one solution. The embedded systems are another matter, but most of those use the unaffected busybox or similar.
So although serious, it is not insurmountable and should serve as a reminder that FOSS is better because of shared effort and attention, not 'just because it is'. We should all be doing our bit, whether contributing bug reports or helping where we can, however we can.
Kevin