The reason why is a familiar refrain: more eyeballs mean more secure code.
"Bond reflected that good Americans were fine people and that most of them
seemed to come from Texas."
- Ian Fleming, "Casino Royale"
BSD is Dying? (Score:5, Funny)
I won't believe it until Netcraft confirms it!
"more eyeballs mean more secure code"?! (Score:5, Insightful)
After Heartbleed and the other issues affecting OpenSSL, and Shellshock affecting bash, why the hell would anyone still be pushing this disproven "more eyeballs" narrative?!
The OpenBSD project proves that security doesn't come from "more eyeballs". It comes from having software developers who know what they're doing, and who take their work very seriously, and who show immense discipline, and who don't put up with bullshit, and who pu
Re:"more eyeballs mean more secure code"?! (Score:5, Insightful)
Why the hell would anyone still be pushing this disproven "more eyeballs" narrative?!
It's important to note that if there weren't eyeballs on the code we would never have known about the vulnerabilities to fix to begin with.
They would have only been discovered and exploited by the malicious and never disclosed unless the attack was discovered while the company responsible would spin the issue and would (in most cases) not spend the money to secure other installations.
Because flaws cannot be hidden, overlooked or covered up, researchers and other interested parties can perform their own independent audit of the software powering their systems.
-- More eyeballs does in fact mean more secure code. -- Think of it as a global oversight committee.
Why was the Shellshock bug there for 25 years? (Score:1)
You should read up about the Shellshock bug that affected bash [wikipedia.org].
Once you do that, you'll learn that it was present in bash back in 1989.
When it was finally publicly announced in 2014, the bug had been present for around 25 years!
We aren't talking about an obscure piece of software here, either. Bash is probably among the most widely available and used open source software projects out there, and has been like this for a long time.
Brag about your "global oversight committee" all you want. It's clear that all
Re: (Score:-1)
No, you little dick, it's you who are retarded, wrong and ignorant. See the other comment.
Re: (Score:0)
You didn't spot it either, champ. Why not?
Jeez, it's BOTH. (Score:0)
Skill of the people, times number of skilled people.
Duh.
Dear Americans, please take a look at yourselves, and how you always fall for the binary thinking. Because as an outsider, it's very obvious and very obvious that this is harming you.
Whenever something like this arises, expand from (X XOR Y) to [X, Y, X&Y, null, unknown].
Then expand it from discrete to continuous, so that there's a gradient between all of it. With every value blurred into a Gaussian distribution or wavelet.
After that, expand from t