Malicious backdoor in open-source messaging apps not spotted for 3 months

Discussion in 'all things UNIX' started by ronjor, Feb 17, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined: Jul 21, 2003
    Posts: 57,794
    Location: Texas
    http://arstechnica.com/business/new...e-messaging-apps-not-spotted-for-4-months.ars
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined: May 11, 2011
    Posts: 9,148
    This is why auditing is important. Of course, if it were closed source it might never have been found.

    A good reminder that open source is not absolute security.
     
  3. linuxforall

    linuxforall Registered Member

    Joined: Feb 6, 2010
    Posts: 2,136
    Nothing is absolute security but the only way to detect is to be OPEN.
     
  4. funkydude

    funkydude Registered Member

    Joined: Apr 5, 2004
    Posts: 6,855
    This has nothing to do with open or closed source. Exploits in closed source are "detected" all the time. This has more to do with the size of your development team, which directly affects the amount of peer review the code will get. You can bring in the usual preaching of "it's open so it will be reviewed" all you want, this clearly proves that people have better things to be doing than reading open source code.
     
    Last edited: Feb 18, 2012
  5. linuxforall

    linuxforall Registered Member

    Joined: Feb 6, 2010
    Posts: 2,136
    The size and exposure in open source is infinite compared to closed, one of the reasons Linux is the flavor in critical servers and not anything else, same goes for all supercomps.
     