[kictanet] [FOSSFA Members] About Heartbleed Vulnerability
Walubengo J
jwalu at yahoo.com
Mon Apr 14 10:02:26 EAT 2014
@Kivuva,
Security is an issue for both Open Source/FOSS products (Linux, Android, etc.) as well as proprietary ones (e.g. Windows, SAP, Oracle, iOS, etc.). However, the argument for Open Source has been that since the product/code is "open" to millions of programmer eyes, there is a higher probability of eventually spotting and publishing the flaws (such as what has happened in the current instance of the Heartbleed vulnerability).
Imagine if this piece of software (OpenSSL) was closed/proprietary; the NSA and even our very own NIS will continue "milking" the security flaw for as long as it takes...and as long as the proprietary owner is sufficiently paid to maintain silence about the security hole.
For me it's a question of which one is the better devil :-)
walu.
--------------------------------------------
On Sun, 4/13/14, Mwendwa Kivuva <Kivuva at transworldafrica.com> wrote:
Subject: Re: [kictanet] [FOSSFA Members] About Heartbleed Vulnerability
To: jwalu at yahoo.com
Cc: certification at mail.fossfa.net, "AuthorAID Discussion" <authoraiddiscussion at dgroups.org>, "IlabAfrica" <ilabafrica at strathmore.edu>, fbt at mail.fossfa.net, "Bob Jolliffe" <bobjolliffe at gmail.com>, kictanet at lists.kictanet.or.ke
Date: Sunday, April 13, 2014, 1:41 PM
This calls for a big debate among the Open Source community and evaluation of how exposed we can be. I'm imagining how many servers will go unpatched thus exposing the data to would-be hackers.
It is alleged through a Bloomberg article that NSA knew about the vulnerability two years ago, but kept it secret to continue harvesting user data. http://mobile.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
This might be a wrong alarm but how safe are we as FOSS community because we heavily rely on these applications that may actually have backdoors and rootkits with the aim of taking control of our systems and spying on us.
Regards
--
______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh