Log in or Sign up

Shellshock proves open source's 'many eyes' can't see straight

Discussion in 'other security issues & news' started by ronjor, Sep 30, 2014.

ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

164,189

Location:

Texas

Roger A. Grimes — Columnist
InfoWorld | Sep 30, 2014

With so many people looking at open source code, its security flaws should be stopped dead -- but it doesn't work that way
Click to expand...

http://www.infoworld.com/article/2689233/security/shellshock-proves-open-source-many-eyes-wrong.html

ronjor, Sep 30, 2014

#1
Rasheed187 Registered Member

Joined:

Jul 10, 2004

Posts:

17,559

Location:

The Netherlands

Yes I've read that open-source does not automatically mean better or safer code.

Last edited: Sep 30, 2014

Rasheed187, Sep 30, 2014

#2
Gullible Jones Registered Member

Joined:

May 16, 2013

Posts:

1,466

"Linus' Law" has never been taken very seriously in infosec circles, from what I've seen...

I think open source software is really important though. Like, vitally important; for pretty much the same reason that public libraries and public radio are important. It's not a matter of it being "better," it's a matter of it being necessary.

Gullible Jones, Sep 30, 2014

#3
Veeshush Registered Member

Joined:

Mar 16, 2014

Posts:

643

Invariably we're going to see articles pointing at this and at Heartbleed and claim a trend in vulnerabilities in open-source software. If anyone has any actual data other than these two instances and the natural human tendency to generalize, I'd like to see it.
Click to expand...

https://www.schneier.com/blog/archives/2014/09/nasty_vulnerabi.html

He called it.

Veeshush, Sep 30, 2014

#4

(You must log in or sign up to reply here.)

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...