[Discuss] Shellshock
Richard Pieri
richard.pieri at gmail.com
Wed Oct 1 13:22:42 EDT 2014
On 10/1/2014 12:34 PM, Bill Ricker wrote:
> Yes indeed. Unskeptical eyes are useless for security review no matter
> how multiplied.
As an aside, this is why I trust self-encrypting disk firmware. Rather,
it's better to say that I don't trust it any more or less than I trust
software like TrueCrypt and Bitlocker that I don't understand either.
> Open source doesn't guarantee unskeptical eyes early/often, but it's
> possible, unlike commercial closed source where it's forbidden (except
> when actively required by Military contract).
That's not true. Having skeptical eyes is not forbidden. Whether or not
those eyes can do anything about what they see is a different issue, one
that can usually be traced back to whoever holds the purse. But then,
money or lack thereof is one of the things that ails many high profile
open source projects, too.
--
Rich P.
More information about the Discuss
mailing list