[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

Peter Cannon dick_turpin at archlinux.us
Wed Apr 9 09:14:58 UTC 2014

On 09/04/14 09:55, David Goodwin wrote:

> My opinion is that all code contains bugs.
> The density of such bugs is unlikely to be significantly different
> between closed and open source as studies have shown.
> (
> http://www.coverity.com/press-releases/annual-coverity-scan-report-finds-open-source-and-proprietary-software-quality-better-than-industry-average-for-second-consecutive-year/
> )
> In an ideal world, open source code would get reviewed more and become
> more secure.
> However it becomes difficult and non-trivial to review a complex
> component like OpenSSL.
> Microsoft/Oracle/whoever will have similar bugs - however they can
> silently patch them without the world knowing ("Bug fixes").

My thoughts exactly.

Peter Cannon

IRC: dick_turpin @ freenode.net
Podcast: http://tdtrs.co.uk
"There is every excuse for not knowing
There is no excuse for not asking"
