Pixel Envy

Written by Nick Heer.

If Only GnuTLS Had Been Open Source

Watts Martin, on the bug in GnuTLS which is equal to or perhaps worse than Apple’s “goto fail” bug:

[S]oftware with few users tends to stagnate; software that becomes popular tends to keep being developed. This holds true regardless of the license and access to the source code. There are a lot of fossilized open source projects out there, and a lot of commercial products with vibrant communities. Being open source helps create such communities for certain kinds of applications (mostly developer tools), but it’s neither necessary nor, in and of itself, sufficient. And no one—not even the most passionate open source developer—ever says something like, “You know what I’d like to do tonight? Give GnuTLS a code security audit.”

The theory behind open source is that publicly-visible code ensures errors in it are also visible publicly, therefore they should be fixed faster. The reality is less encouraging.