So, this flaw was recently uncovered, and just flooded the Open Source, Linux, and Computing news.
It made such a big splash, not because it was in the software, but because it’s been there for 9 or 10 years. This spawned some other articles, one of which attempted to make a point that open source isn’t always the holy grail it’s made out to be.
Because Open Source can be audited by anyone doesn’t mean that it will be. That was the better message. The message that started to come across, though, was that open source is less secure because anyone can find the flaws and exploit them, vs. let the governing body know about them to patch.
That said, I think we really just need to understand that while it’s true, nefarious folks (or government agencies) can take advantage to some extent… I simply point to the Closed source equivalents and the fact that we are so accustomed to the flaws involved with those options, we simply don’t consider how many hundreds to thousands of flaws are exploited, found, and not fixed in those closed systems, vs. the open systems.
We never see a big article about a critical Windows flaw, because it’s become just another day with that OS; whereas, we see huge media coverage over Linux / Unix flaws because it’s not part of the normal day to day…that to me is a great plus for the Open Source world.
What are your thoughts?