|
|
|
|
|
|
by babs474
4444 days ago
|
|
|
tptacek, we all want to hear Willem Pinckaers' take, it is really good stuff. I also want to hear ideas from Akamai, even if they aren't perfect. Perhaps they can lead to good things. Unfortunately Pinckaers' commentary is a little bit too hostile and calls for Akamai to cease sharing ideas[1]. I'm sure Akamai's developers are "adult" enough, as you say, to handle it. However there is a trope in software development community that if you share something, you should be fine with being open to no holds barred attacks. Wouldn't the more "adult" behavior be to criticize in a more professional tone that is open to refinement of ideas and could spark further collaboration? I'd like to see this type of communication more in the software world, I think it would encourage more participation. [1]"they should not be sending out non-functional, bug ridden patches to the OpenSSL community" |
|
|
An idea or concept on its own can't really do much, at least until it's put into practice somehow. The potential for harm is quite minimal, if it even exists.
Code, on the other hand, can often be directly used with relative ease by people who may not fully understand the possible implications of using such code. The potential for harm exists, and could be significant.
In the context of security, it's important to avoid potentially-harmful code wherever possible. If somebody has concerns about some code, regardless of who wrote it, it is best to express those concerns in a very blunt and direct manner.
Security is just not something to fool around with. The hard questions and painful facts should be out in the open, especially when code is involved and capable of being used. It's just not the time or place for pussyfooting around.