On 9/5/18 11:26 AM, Warner Losh wrote:
On 9/5/2018 2:31 AM, Gilles Gravier wrote:
It's the common example that I use to tell people that opensourcing
software makes it more secure because the good guys have access to the
source code at the same time as the bad guys, which gives them a fair
chance to fix bugs before the bad guys use them.
Bash/Shellshock kinda proves that premise incorrect, although it's
pretty much the worst-case example, but still... ;)
I'm not sure it does. It proves that bugs aren't instantly found, true. It
doesn't provide perfection, but does make it easier to find / fix bugs
before the bad guys. How long would such a bug have languished if it were
buried inside of DCL.B32 instead of being out in the open?
It proves that if there is someone who has an idea, or who thinks about a
thing in new ways, he can verify his suspicions without too much trouble.
The barrier to investigation is lowered.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet(a)case.edu
http://tiswww.cwru.edu/~chet/