
Heartbleed and Open Source

From MIT:

The Heartbleed bug was discovered earlier this month in a piece of software called OpenSSL that is widely used to establish a secure connection between Web browsers and servers by managing the cryptographic keys involved. OpenSSL is an “open source” project, meaning that the underlying code is published along with the software. Also, like many other open-source efforts, it is maintained by a small group of volunteer programmers

via Hunting for the Next Heartbleed | MIT Technology Review.

“Open Source” is one of those concepts that sounds wonderful in theory but eventually runs into real-world problems. When it is everybody’s job, nobody ends up doing it. It is the classic tragedy of the commons.
