On Wed, Sep 5, 2018 at 6:55 AM Arthur Krewat wrote:

> On 9/5/2018 2:31 AM, Gilles Gravier wrote:
> > It's the common example that I use to tell people that opensourcing
> > software makes it more secure because the good guys have access to the
> > source code at the same time as the bad guys, which gives them a fair
> > chance to fix bugs before the bad guys use them.
>
> Bash/Shellshock kinda proves that premise incorrect, although it's
> pretty much the worst-case example, but still... ;)

I'm not sure it does. It proves that bugs aren't instantly found, true. It doesn't provide perfection, but does make it easier to find / fix bugs before the bad guys. How long would such a bug have languished if it were buried inside of DCL.B32 instead of being out in the open?

Warner