[TUHS] SunOS code?
Chet Ramey
chet.ramey at case.edu
Thu Sep 6 01:36:48 AEST 2018
On 9/5/18 11:26 AM, Warner Losh wrote:
> On 9/5/2018 2:31 AM, Gilles Gravier wrote:
> > It's the common example that I use to tell people that opensourcing
> > software makes it more secure because the good guys have access to the
> > source code at the same time as the bad guys, which gives them a fair
> > chance to fix bugs before the bad guys use them.
>
>
> Bash/Shellshock kinda proves that premise incorrect, although it's
> pretty much the worst-case example, but still... ;)
>
>
> I'm not sure it does. It proves that bugs aren't instantly found, true. It
> doesn't provide perfection, but does make it easier to find / fix bugs
> before the bad guys. How long would such a bug have languished it if were
> buried inside of DCL.B32 instead of being out in the open?
It proves that if there is someone who has an idea, or who thinks about a
thing in new ways, he can verify his suspicions without too much trouble.
The barrier to investigation is lowered.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet at case.edu http://tiswww.cwru.edu/~chet/
More information about the TUHS
mailing list