Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Permalink for comment 453594
To read all comments associated with this story, please click here.
Comment by porcel
by porcel on Wed 15th Dec 2010 00:44 UTC
Member since:

The level of real code review within OpenBSD can never match that of bigger and better supported projects, which is why this went undetected for as long as it did.

The more people and nations that have a lot riding on the security of of an operating system, the less likely that it can be tampered without detection.

One last thing, it is time that everyone moves to git and to signed commits as done in the linux kernel so that there is complete traceability of any and all changes.

If you think this might be an issue with open source code, just stop and really think what it probably is like in most closed source software and operating systems.

Reply Score: 2