[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

David Goodwin david at codepoets.co.uk
Wed Apr 9 08:55:57 UTC 2014

> Not really. There's been shed loads of vulnerabilities over the last 
> 12 odd years since I've been using FOSS. Most community members like 
> to narrow the field of focus citing the kernel as the holy grail of 
> security ignoring such things as sql injections and browser 
> compromises, SSL vulnerabilities etc.
> The only thing we do do better in the community over Microsoft is we 
> plug the holes quicker. :-)

My opinion is that all code contains bugs.

The density of such bugs is unlikely to be significantly different 
between closed and open source, as studies have shown.

In an ideal world, open source code would get reviewed more and become 
more secure.
However, it becomes difficult and non-trivial to review a complex 
component like OpenSSL.

Microsoft/Oracle/whoever will have similar bugs - however they can 
silently patch them without the world knowing ("Bug fixes").
