Several thoughts on CVE-2014-0160

This week the whole internet was blown away by CVE-2014-0160. It was a real pain for us, since we needed to urgently update our servers. Around 2/3 of our servers were affected by this problem. However, patches were available for Debian, CentOS and Ubuntu LTS pretty quickly, and we were able to apply them.

This, however, raises several really interesting points in my view of the whole open-source ecosystem:

  1. The open-source nature of Linux/BSD allows vulnerabilities to be patched very quickly.
  2. The argument that many eyes in open source help to eliminate really important issues is not always true, especially when the code is complex and deals with security.
  3. Each time I listen to the BSDNow podcast I keep hearing how good and secure BSD systems are, and OpenSSL is commonly used as the primary example to confirm this point. Given the mentioned CVE-2014-0160 OpenSSL problem, I have become really sceptical about it. Linux again seems to me the most advanced and usable platform for both servers and Java development.