[170940] in North American Network Operators' Group
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
daemon@ATHENA.MIT.EDU (Michael Thomas)
Sun Apr 13 11:09:12 2014
Date: Sun, 13 Apr 2014 08:08:46 -0700
From: Michael Thomas <mike@mtcc.com>
To: Randy Bush <randy@psg.com>
In-Reply-To: <m2eh11i8nj.wl%randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 04/13/2014 07:52 AM, Randy Bush wrote:
>>> the point of open source is that the community is supposed to be doing
>>> this. we failed.
>> Versus all of the closed source bugs that nobody can know of or do
>> anything about?
> for those you can blame the vendor.
Or not.
> this one is owned by the community.
> it falls on us to try to lower the probability of a next one by actively
> auditing source as our civic duty.
>
>
And we all know how well civic duty works as a motivator. If we really
want to do something
constructive, convince the corpro-takers to open their wallets to fund
those auditing functions.
Mike
