Wednesday, May 14, 2008

Massive Security Hole in Debian

News this week of a massive security hole in Debian shocked a lot of people in the open source community. It puts a chink in the armor of open source advocates' claim that their software is more secure because it's exposed to the world for review.

Just because it's out there and exposed doesn't mean it's been reviewed. Whether open or closed source, all code needs to go through rigorous security reviews at all stages of the development lifecycle.

What makes this particular security hole so disturbing is that Debian is one of the most widely used Linux distributions and is the backbone of Ubuntu, the most popular distro available. The exploit code targeted the openssl package, a widely used encryption package.


