Slashdot Mirror


How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

jammag writes: "Heartbleed has dealt a blow to the image of free and open source software. In the self-mythology of FOSS, bugs like Heartbleed aren't supposed to happen when the source code is freely available and being worked with daily. As Eric Raymond famously said, 'given enough eyeballs, all bugs are shallow.' Many users of proprietary software, tired of FOSS's continual claims of superior security, welcome the idea that Heartbleed has punctured FOSS's pretensions. But is that what has happened?"

1 of 582 comments

  1. Re:we don't know what happened AT ALL by Cid+Highwind · · Score: 5, Informative

    "Yes, we can trace the changelogs in the software & note who was checking the changes and missed them, but that all can be circumvented."

    Actually it can't. That's kind of the point of git.

    "The fact is we don't know if Heartbleed was an honest mistake or not...we don't know who knew and when..."

    We do know who and what and when, because the person who wrote it and the person who signed off on it have commented publicly about the bug.

    Maybe you're thinking of Apple's "goto fail" SSL exploit where we really don't know who or what or when and probably never will because it's not likely Apple is going to release their RCS logs.

    --
    0 1 - just my two bits
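The "point of git" the comment relies on is content addressing: a commit ID is a SHA-1 over the commit's tree and its parent's ID, so altering any earlier commit changes every later ID and anyone holding the original IDs can spot the rewrite. The Python below is an added illustration, not code from the thread; it reproduces git's object hashing for blobs, trees and commits (the identity string, file name and revisions are constructed sample values) and reports where a tampered history diverges from the original.

```python
import hashlib
from typing import Optional

# Constructed sample identity; git would use the committer's real name, email and timestamp.
SAMPLE_IDENT = "A U Thor <author@example.com> 1396838400 +0000"

def git_object_id(kind: str, body: bytes) -> str:
    """SHA-1 of '<type> <size>\\0<body>', which is exactly how git names an object."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_id(filename: str, blob: str) -> str:
    """Tree holding one regular file; git stores the blob ID as 20 raw bytes, not hex."""
    entry = b"100644 " + filename.encode() + b"\0" + bytes.fromhex(blob)
    return git_object_id("tree", entry)

def commit_id(tree: str, parent: Optional[str], message: str) -> str:
    """Commit object; the parent's ID is part of the hashed body, which forms the chain."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {SAMPLE_IDENT}", f"committer {SAMPLE_IDENT}"]
    body = "\n".join(lines) + "\n\n" + message + "\n"
    return git_object_id("commit", body.encode())

def build_history(revisions):
    """revisions: list of (file content, commit message). Returns the commit IDs in order."""
    ids, parent = [], None
    for content, message in revisions:
        blob = git_object_id("blob", content)
        cid = commit_id(tree_id("example.c", blob), parent, message)
        ids.append(cid)
        parent = cid
    return ids

def first_divergence(original, rewritten) -> Optional[int]:
    """Index of the first commit whose ID differs, or None if the two chains match."""
    for i, (a, b) in enumerate(zip(original, rewritten)):
        if a != b:
            return i
    return None

# Constructed three-revision history, and the same history with revision 1 altered afterwards.
ORIGINAL = build_history([(b"hello\n", "initial"), (b"v2\n", "second"), (b"v3\n", "third")])
TAMPERED = build_history([(b"hello\n", "initial"), (b"v2 altered\n", "second"), (b"v3\n", "third")])

if __name__ == "__main__":
    print("history diverges at commit index:", first_divergence(ORIGINAL, TAMPERED))
```

The blob hash of `hello\n` matches what `git hash-object` reports, and every commit from the altered revision onward gets a new ID even though the later revisions were left untouched.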