The reason why is a familiar refrain: more eyeballs mean more secure code.
BSD is Dying? (Score:5, Funny)
I won't believe it until Netcraft confirms it!
"more eyeballs mean more secure code"?! (Score:5, Insightful)
After Heartbleed and the other issues affecting OpenSSL, and Shellshock affecting bash, why the hell would anyone still be pushing this disproven "more eyeballs" narrative?!
The OpenBSD project proves that security doesn't come from "more eyeballs". It comes from having software developers who know what they're doing, and who take their work very seriously, and who show immense discipline, and who don't put up with bullshit, and who pu
Re: (Score:5, Insightful)
Why the hell would anyone still be pushing this disproven "more eyeballs" narrative?!
It's important to note that if there weren't eyeballs on the code we would never have known about the vulnerabilities to fix to begin with.
They would have only been discovered and exploited by the malicious and never disclosed unless the attack was discovered, while the company responsible would spin the issue and would (in most cases) not spend the money to secure other installations.
Because flaws cannot be hidden, overlooked or covered up, researchers and other interested parties can perform their own ind
Why was the Shellshock bug there for 25 years? (Score:1)
You should read up about the Shellshock bug that affected bash [wikipedia.org].
Once you do that, you'll learn that it was present in bash back in 1989.
When it was finally publicly announced in 2014, the bug had been present for around 25 years!
We aren't talking about an obscure piece of software here, either. Bash is probably among the most widely available and used open source software projects out there, and has been like this for a long time.
Brag about your "global oversight committee" all you want. It's clear that all of your beloved "eyeballs" couldn't find a very serious bug in one of the most widely used open source software applications.
If major bugs are overlooked in a project as significant as bash for a quarter of a century, then the situation is far worse for pretty much every other open source project out there.
All of these claims about "millions of eyeballs" are nonsense.
Re: (Score:-1)
No, you little dick, it's you who are retarded, wrong and ignorant. See the other comment.
Re: (Score:0)
You didn't spot it either, champ. Why not?