Recently we had to wrestle with the Heartbleed bug. Heartbleed, was/is a major flaw in certain versions of OpenSSL, which is itself an “open source” project/application/codebase… This has had all of the armchair developers (myself included in that mix) either defending the concept of open-development or attacking it on grounds that it is less secure. I hold strongly to the former opinion that open development is a better way of doing things but that is rooted more in my personal philosophies (which I do believe have merit) and not exactly in some strong study on the issue itself.
A quick Google search shows me that most people don’t even think about it, they just speak their mind and move on (like so many other topics…) and as a result make a lot of idiotic statements one way or the other. Hopefully this isn’t just another idiotic statement adding to the noise :). That same search also tells me that very little hard research has been done on the matter to validate anyone’s opinions.
Well, now a critical error has been found in Internet Explorer and there has already been evidence of its exploitation in the wild. (more…)