On Thu, Oct 23, 2014 at 11:55 AM, sahil साहिल <[email protected]> wrote:
> On Thu, Oct 23, 2014 at 8:33 AM, Shakthi Kannan <[email protected]>
> wrote:
>
>> Bugs get reported and they get fixed. There is nothing shocking about
>> it. It is the way things work in F/OSS.

This is the way it works in any software, granted.

> Well said by Shakthi sir. As long as there is software there should be
> bugs. But the main thing is they get reported and fixed and this is known
> to all of us.
>
>> We at least know they are fixed, unlike proprietary systems.
>
> +1. That's the beauty of F/OSS (at least in my sense). Vulnerabilities
> are publicly exposed and publicly fixed, so there is no need to fear.

I love FOSS and understand all that is being said. I think it is better in security than closed source. However, the stats shown in the article are interesting, and the opinion of security researchers seems to suggest that there is no difference between closed source and open source in terms of vulnerabilities. This is not something that is expected. While fixes may come fast, the "more eyeballs" proposition says that vulnerabilities will be caught earlier and sooner, as the source is available for all to see: soon/early enough to avoid large-scale impact. Heartbleed and Shellshock have had a large impact across the board for a lot of sites. I cannot deny that these two alone have cast a shadow over these security assumptions in open source. SSL and Bash have been around for ages, and still these vulnerabilities took so long to surface.

--
Mohan Sundaram
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
