| From | RS Wood <rsw@therandymon.com> |
|---|---|
| Newsgroups | comp.misc |
| Subject | Re: Revealed: How Google engineer Neel Mehta uncovered the Heartbleed security bug |
| Date | 2014-10-13 20:41 +0000 |
| Organization | solani.org |
| Message-ID | <m1hde5$tpu$1@solani.org> |
| References | <0mzDUySF4hl6RugySL6Ois4V@dont-email.me> |

On 2014-10-12, Rich <rich@example.invalid> wrote:
>
> The media-shy Google engineer who found the Heartbleed computer
> security
> "I was doing laborious auditing of OpenSSL, going through the
> [Secure Sockets Layer] stack line by line," Mehta said, adding that
> he hadn't spoken about it until now because it made him "nervous".

I think the conclusion here is that a lot of the open source blah-blah fails under scrutiny. Yes, the open source model has built some stellar products and is a far cry better than proprietary stuff developed in private labs with no peer review. But the idea that all this code is getting scrupulously reviewed on a regular basis just isn't true (no one is claiming it, either, but it is kind of the subtext to a lot of conversations about open source software).

Sometimes it takes just one dedicated researcher, going through the code character-by-character, to find a nasty vulnerability that's gone unspotted for decades. But how often is this happening? Not as much as we probably think it is.

The Gnome guys for example are busy rewriting their theming engine and adding in transparency and new, softer gradients! (couldn't resist the dig, sorry).