[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

Peter Cannon dick_turpin at archlinux.us
Wed Apr 9 08:30:17 UTC 2014

On 09/04/14 09:18, Richard Barker wrote:
> One question I will ask is should we be thinking "disclosed 
> vulnerabilities"? After all, afaik, we only know about the Microsoft 
> vulnerabilities that they choose to disclose. Could the comparison look 
> worse than it really is?

Not really. There's been shed loads of vulnerabilities over the last 12 odd years since I've been using FOSS. Most community members like to narrow the field of focus citing the kernel as the holy grail of security ignoring such things as sql injections and browser compromises, SSL vulnerabilities etc.

The only thing we do do better in the community over Microsoft is we plug the holes quicker. :-)

Peter Cannon

IRC: dick_turpin @ freenode.net
Podcast: http://tdtrs.co.uk
"There is every excuse for not knowing
There is no excuse for not asking"

More information about the Wolves mailing list