undefined | Better HN

0 pointswolfgke8y ago0 comments

Unluckily this is true. But there is a central difference: If such a security bug occurs in an open source software, you can in principle look for the bug source yourself to fix it to secure your computer to against attacks. If it is closed source, this is hardly possible or often such a self-defense is even illegal.

0 comments

scarface748y ago

In theory yes, but just to take one well known example, the HeartBleed SSL bug was introduced in 2012 but wasn't found until 2014.

throwaway20488y ago

At least it can be patched, if the equivilent bug occured in a closed source arm SoC driver, it would NEVER be patched.

eridius8y ago

Why wouldn't it be? If a vendor doesn't patch their drivers to fix security issues, people will stop using their products.

j / k navigate · click thread line to collapse