[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered

Dave Brockman dave at brockmans.com
Thu Aug 29 00:23:58 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/28/2013 5:17 PM, Christopher Rimondi wrote:
> "This is the power of open source: with many eyes on the system,
> the weaknesses will be brought to light quite rapidly."
> 
> In theory that statement is great. Theoretically, the more eyes on
> the code, the faster bugs will be found. In practice I don't think so.
> I have heard of some pretty old bugs in popular open source
> libraries. Finding security bugs in software is a lot of work.
> 
> I bet that if a company were developing a commercial application,
> where security counted, that relied on open source libraries, they
> would never rest on the assumption that "many eyes looked at the
> code" so it must be secure. They would pay someone to review the code
> every time.

Based on the SSH vulnerabilities caused by OpenSSL libraries used in
Cisco code in the last 12-18 months, I'd take that bet...

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSHpSeAAoJEMP+wtEOVbcdIS8H/jjZZpvA7rkeSlc6VSole/VG
95ACaVTl0t1fHcZwmrLAudAQSX0pSw2RY2WpvKivnRKf8BGQhtjLAdM7P6hqaKjA
ZYI0lVlbf7WyWPVgmyk389aaO3hRvuthZmjBwXz4b4RXmg6nLUPv6owsH4Qjp2NS
ebOAvbyARbxzwJLD0sjaPObsEb3LDYKpK7YO5LkB5/opew1leHdrSCCn2APxLxnh
ensUflgL4iVnBeq8Vjs5WneDvlUdX4DvH0to4ojob1bt+oI82PRAO/+9mWqNFxZz
QKflUzbKIV3hPTB72En6A90nISH78HdNzm2sLBqyycZtd9rdzMpcDKu5FGx3eQg=
=psB/
-----END PGP SIGNATURE-----
