[Discuss] Shellshock
Bill Ricker
bill.n1vux at gmail.com
Wed Oct 1 12:34:53 EDT 2014
On Wed, Oct 1, 2014 at 11:07 AM, Richard Pieri <richard.pieri at gmail.com> wrote:
>> Note that Multiple additional BASH security bugs have been found
>> and/or fixed since they started looking harder in the last week.
> Which is not a bad thing as long as the people looking actually
> understand what they are looking at and what they are looking for. It's
> not so much the quantity of eyes as the quality of those eyes.
Yes indeed. Unskeptical eyes are useless for security review no matter
how multiplied.
Open source doesn't guarantee unskeptical eyes early/often, but it's
possible, unlike commercial closed source where it's forbidden (except
when actively required by Military contract).
--
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
More information about the Discuss
mailing list