I think the point that’s more relevant to the original post is that while the speed with which fixes were rolled out were admirable, the flaw existed for years before anybody noticed it.
Codenomicon, the company who actually named the flaw, didn’t find the bug via the source code. They were building a security product and when testing that product against their own servers exposed the flaw. Open Source was not a factor in this discovery.
Google HAD discovered the flaw via the source code, exactly two days earlier.
In this case, the bug was 0.267379679% more discoverable due to being open source versus being closed.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Rules:
Be civil and nice.
Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
I think the point that’s more relevant to the original post is that while the speed with which fixes were rolled out were admirable, the flaw existed for years before anybody noticed it.
it would have been way worse, because it would have been less discoverable in a closed source software by someone somewhere
Devil’s Advocate…
Codenomicon, the company who actually named the flaw, didn’t find the bug via the source code. They were building a security product and when testing that product against their own servers exposed the flaw. Open Source was not a factor in this discovery.
Google HAD discovered the flaw via the source code, exactly two days earlier.
In this case, the bug was 0.267379679% more discoverable due to being open source versus being closed.