The OpenSSL Heartbleed bug is everywhere in the media these days. Did Heartbleed happen because OpenSSL lacks the resources and visionary leadership of Linux? Does OpenSSL need a Linus Torvalds to guide and promote it? The NY Times looks at the differences between Linux and OpenSSL.
According to the NY Times:
When a crucial and ubiquitous piece of security code like OpenSSL — left vulnerable for two years by the Heartbleed flaw — can be accessed by all the world’s programming muscle, but only has one full-time developer and generates less than $2,000 in donations a year, clearly something is amiss.
But then there’s Linux. Volunteers all over the world submit seven changes to Linux every hour, and millions of lines of code improvements and fixes are voluntarily added to the software every year. Over 180 major companies, including Hewlett-Packard, Oracle, IBM and Samsung, every year contribute around half a million dollars to the Linux Foundation, the nonprofit that supports the Linux system.
More at NY Times
The article raises some very good points about the need for additional resources and promotion for projects like OpenSSL. Hopefully these projects will get an influx of volunteers and capital to bring them up to par with Linux. Many more people are now aware of this need, so I think we'll be seeing the community respond in a very positive and proactive way.
The media coverage of Heartbleed
I had a few thoughts of my own to share the other day about how the media has been covering Heartbleed.
According to Eye On Linux:
I think there are a couple of different things going on in the media coverage of Heartbleed.
The first can be summed up with this old saying: If it bleeds, it leads. This is the old media canard that if the news is bad then it gets front page coverage, and in the age of the Internet, that also means 24×7 coverage. Bad news is big bucks for media outlets, and if they can play up the hype then they can scare people into clicking more, thus generating more ad impressions and revenue for their companies.
The second thing that is quite noticeable is the attempt to cast blame on open source as a viable software model. In some ways I think this is more insidious than the first problem. There have always been some people that disliked open source software for one reason or another. Heartbleed provides them with the opportunity to bash open source and cast doubt on the security of open source software. But is any of their hyperbolic drivel really true?
More at Eye On Linux