« | Home | Categories | »

Be Still My Breaking Heart

Posted on April 12th, 2014 at 17:17 by John Sinteur in category: Security, Software -- Write a comment


Note that not all code, even in the same project, is equally exposed. It’s tempting to say it’s a needle in a haystack. But I promise you this: Anybody patches Linux/net/ipv4/tcp_input.c (which handles inbound network for Linux), a hundred alerts are fired and many of them are not to individuals anyone would call friendly. One guy, one night, patched OpenSSL. Not enough defenders noticed, and it took Neel Mehta to do something.

We fix that, or this happens again. And again. And again.

No more accidental finds. The stakes are just too high.

previous post: Twitter + GNIP

next post: What Heartbleed Can Teach The OSS Community About Marketing