Hacker News
by wolfgke 3371 days ago
Unluckily this is true. But there is a central difference: if such a security bug occurs in open source software, you can in principle look for the source of the bug yourself and fix it to secure your computer against attacks. If it is closed source, this is hardly possible, or often such self-defense is even illegal.

In theory yes, but just to take one well-known example, the Heartbleed SSL bug was introduced in 2012 but wasn't found until 2014.
At least it can be patched; if the equivalent bug occurred in a closed source ARM SoC driver, it would NEVER be patched.
Why wouldn't it be? If a vendor doesn't patch their drivers to fix security issues, people will stop using their products.