"There is no security on this earth, there is only opportunity". - General Douglas MacArthur
Heartbleed is an awful programming flub that affects millions. It's a flub that could have easily existed in proprietary products and never recognized. The fact is, Heartbleed was recognized due to the fact that the code was open and auditable by anyone with the relevant expertise. What would have happened if Google were working with some random vendor and run across this sort of bug? Would the vendor have clamped down on it? Released an update? Or let it simmer for years and threaten lawsuits the whole time?
There's an untold number of programming horrors safely kept out of public purview on corporate servers. In this instance, there was a massive problem and it was handled. While I might not be a huge fan of how it was handled, I think the speed at which it was accomplished is admirable.
Heartbleed is an awful programming flub that affects millions. It's a flub that could have easily existed in proprietary products and never recognized. The fact is, Heartbleed was recognized due to the fact that the code was open and auditable by anyone with the relevant expertise. What would have happened if Google were working with some random vendor and run across this sort of bug? Would the vendor have clamped down on it? Released an update? Or let it simmer for years and threaten lawsuits the whole time?
There's an untold number of programming horrors safely kept out of public purview on corporate servers. In this instance, there was a massive problem and it was handled. While I might not be a huge fan of how it was handled, I think the speed at which it was accomplished is admirable.