Does the failure of OpenSSL point to a problem with the open source philosoph
One of the basic tenets of open source is that it is self-fixing, as anyone can repair it because the source code is open. It apparently didn't work in the case of OpenSSL. I think it has been around for a while, but no one seemed to either find the problem or fix it. I guess you could say that those who used it got exactly what they paid for. This is my point: the idea that open source is by its nature safe is not necessarily true, just as it isn't in closed source. So what has happened seems like a lot of silence. What are your thoughts on the subject?
My opinion is that open source has a place, but not everywhere, especially not high security. Because OpenSSL was free, a whole bunch of companies used it. Now that a problem was found, a whole bunch of companies had to rush to fix it. To make my point, none of my financial institutions are using it.
Just have a look at how many bugs are in Apple's software, and how many back doors could have been put there on purpose by Apple themselves. (Or MS if you want.)
Speaking of backdoors:
Easter egg: DSL router patch merely hides backdoor instead of closing it