Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453670
Valhalla Member since:
2006-01-24

("makes all bugs shallow"), if a few paid-off OSS devs can put backdoors into an OSS OS and they're there for years with nobody noticing.

Well, with open source you CAN audit, if you don't then obviously it's no safer than closed source. With closed source you don't have that option at all.

Reply Parent Score: 4

google_ninja Member since:
2006-02-05

To argue the other side: with closed source, a company has financial incentive to audit their code, since they can be sued if something goes wrong. In open source, nobody has that incentive.

Reply Parent Score: 3

dylansmrjones Member since:
2005-10-02

Bullshit, and nice trolling btw.

Companies have little financial incentive to audit their code, not even when explicitly paid for it. They will audit the code exactly as little as they can get away with - and no more. There's a reason the most insecure software packages are proprietary packages. Because they cannot be effectively audited.

FLOSS projects have an incentive that no proprietary project will ever have: Street credit.

Reply Parent Score: 2

TheGZeus Member since:
2010-05-19

o_O?

So open source hackers don't get paid to write code? That would explain why Linus Torvalds is so poor, and Red Hat went out of business.

Oh, wait.

Reply Parent Score: 1

ichi Member since:
2007-03-06

a company has financial incentive to audit their code, since they can be sued if something goes wrong.


Really? When was the last time that happened?
Has any software company ever been sued because of a bug that compromised their customers' security?

Reply Parent Score: 3