[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered
dave at brockmans.com
Thu Aug 29 00:23:58 UTC 2013
On 8/28/2013 5:17 PM, Christopher Rimondi wrote:
> "This is the power of open source: with many eyes on the system,
> the weaknesses will be brought to light quite rapidly."
> In theory that statement is great. Theoretically the more eyes on
> the code will find bugs faster. In practice I don't think so. I
> have heard of some pretty old bugs in popular open source
> libraries. Finding security bugs in software is a lot of work.
> I bet if a company was developing a commercial application where
> security counted that relied on open source libraries they would
> never rest on the assumption that the "many eyes looked at the
> code" so it must be secure. They pay someone to review the code
> every time.
Based on the SSH vulnerabilities caused by OpenSSL libraries used in
Cisco code in the last 12-18 months, I'd take that bet....