OSNews

>How are such exploits unique to proprietary software?

Well they're not really, but (I can't really believe I'm going to quote Eric S. Raymond) -

"given enough eyeballs, all bugs are shallow"

The premise of that claim: "Given enough eyeballs", is often taken as a given. Everyone who has done a security audit of Gnash, please raise your hand.

I'm a strong advocate of open source. But I would be remiss not to state that eyeballs per line of code can be quite variable.

You just hope that whichever pair of eyeballs discovers the hole first belongs to one of the good guys.

I would say the lesson learned here for anyone who still believes that proprietary software is safer due to the closed-code is: It doesn't matter - someone with the know-how and determination will still figure out how the software works and find exploits.

Thus, open source has the advantage that *more* people can evaluate the source and find such flaws prior to compilation rather than via low level debugger and disassembly.

Also, if someone wanted to fix this in a mission critical environment before an official patch is available, they would be able to. Something that is not so easy with proprietary closed-source software.

edit: fixed wrong word in my sentence

Edited 2008-04-16 18:12 UTC

The exploits they were talking about seem to have a lot to do with the Flash AVM, which just happens to be open source.

http://www.mozilla.org/projects/tamarin/

Read Touvan's comment above, then read the article again. You will see that this exploit required detailed knowledge of the internal workings of the VM. If the VM had been closed source developing this exploit would have been more difficult.

Edited 2008-04-16 21:07 UTC