undefined | Better HN

0 pointsPakG110y ago0 comments

The point is that a world of coders who would be mulling over the code due to interest and spare time would likely find critical issues and shine light onto them, making it a PR issue for those companies. If those companies ever get around to offering bounties for issues relating to safety or security, even easier to get an army of eyes on the code.

0 comments

6 comments · 2 top-level

TeMPOraL10y ago· 4 in thread

That's the point. We already know it doesn't work. Most recent examples would be Heartbleed, ShellShock, etc.

snowwrestler10y ago

Heartbleed and ShellShock are examples of why open source is better. Both were found by folks who were not the software maintainers, but were reviewing the source code independently.

In comparison, it took multiple deaths and a major lawsuit to create the same level of visibility into Toyota's codebase. And what reviewers found was code quality far worse than that of OpenSSL or bash.

Someone else said this in another HN thread, but I love it: imagine a world in which Consumer Reports car reviews include a code audit report. That would be far, far better for overall safety than the current situation.

TeMPOraL10y ago

I agree. I might have stated my point too strongly.

I just think that going Open Source won't magically fix things. ShellShock and Heartbleed were out there for many years before someone reported on them, with (AFAIR) evidence of those holes being exploited by malicious actors. Trying to force a switch to Open Source won't improve situation very much, while requiring a serious overhaul of how the entire world does business. It doesn't seem to be worth it without introducing additional ways to fix the software creation and testing process.

Lewton10y ago

OSS having bugs is not proof that open sourcing software won't lead to less bugs.

TeMPOraL10y ago

I'm only trying to show that you can't shout "Open Source!" and get magical immunity from bugs in life-critical software. We need to think of something else instead, or in addition to, open-sourcing to meaningfully reduce the amount of those bugs.

1 more reply

fahadkhan10y ago

"spare time", do you know where I can find some of that?

j / k navigate · click thread line to collapse