Several thoughts on CVE-2014-0160
This, however, raises several really interesting points about my view of the whole open-source ecosystem:
- The open-source nature of Linux/BSD allows vulnerabilities to be patched very quickly.
- The argument that many eyes in open source can help to eliminate really important issues does not always hold, especially when the code is complex and deals with security.
- Each time I listen to the BSDNow podcast, I keep hearing how good and secure BSD systems are. And OpenSSL is commonly used as a primary example to confirm this point. Given the aforementioned CVE-2014-0160 OpenSSL problem, I became really sceptical about it. Linux again seems to me the most advanced and usable platform for both servers and Java development.