On Wed, Sep 5, 2018 at 6:55 AM Arthur Krewat <krewat(a)kilonet.net> wrote:
> On 9/5/2018 2:31 AM, Gilles Gravier wrote:
>> It's the common example that I use to tell people that opensourcing
>> software makes it more secure because the good guys have access to the
>> source code at the same time as the bad guys, which gives them a fair
>> chance to fix bugs before the bad guys use them.
> Bash/Shellshock kinda proves that premise incorrect, although it's
> pretty much the worst-case example, but still... ;)
I'm not sure it does. It proves that bugs aren't instantly found, true. It
doesn't provide perfection, but does make it easier to find / fix bugs
before the bad guys. How long would such a bug have languished if it were
buried inside of DCL.B32 instead of being out in the open?
Warner