
"Those millions of potential eyeballs didn't find the Heartbleed bug."

Sorry, how would we be talking about it if they didn't find it?




After two years when it was in open source code?

How is that any better of a track record than vulnerabilities found in closed source code?


We don't really know when it was first found, iirc, only when it was publicized.


That's not helping the case for open source software...


Exactly. Open source is awesome, don't get me wrong, but it's not safer by definition. Sure, people can look for problems and openly discuss them and fix them, but that's assuming they are whitehats. Blackhats are also looking, all day every day, for exploits in open-source code. And they can find them before whitehats do.



