On Thu, 10 Apr 2014 11:10:55 +0100, Tom <madtom1999@xxxxxxxxxxxxxx> wrote:

>On 10/04/14 11:07, Philip Hudson wrote:
>> What Heartbleed means for Free Software -- Sam Tuke's blog
>> https://blogs.fsfe.org/samtuke/?p=718
>>
>It's a point hard to get across - MS has all their own code and some of
>the best software engineers in the world and can't even get VB working
>on ARM let alone know what bugs lie in it.
>Tom te tom te tom
>

I am not so sure that this is a win for open source. Most of the mainstream articles don't even mention that it is open source software so the average joe probably just adds it to their "scary internet" file without caring about the detail.

Those articles that go into detail seem to major on the complexity and sub-optimal structure of the code that allowed the bug to go undiscovered for so long.

I am guessing that the best open source code review is done by the NSA/GCHQ/etc. for their own benefit. The open source model leading to improved security only works if the good guy code reviewers are better than the bad guys. Trouble is code review is boring (to most people) so I fear this is not the case.

Kevin

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq