On 4/11/14, ianG <[email protected]> wrote:
> On 11/04/2014 17:50 pm, Jeffrey Walton wrote:
>> http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
>>
>> The U.S. National Security Agency knew for at least two years about a
>> flaw in the way that many websites send sensitive information, now
>> dubbed the Heartbleed bug, and regularly used it to gather critical
>> intelligence, two people familiar with the matter said.
>
>
> Bingo!  What lessons are we picking up from this?  Here's what I'm
> feeling so far, flame away:
>
> 1.  score 1 up for closed source.  Although this bug would as equally
> exist in closed source, the likelihood of discovery, publication and
> exploitation is much lower.

Yes, but what's the likelihood of discovery and exploitation in closed source?

I'm guessing open source just makes it more likely the bug will
eventually be published.

Regards,
Lee
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
