Linked by Thom Holwerda on Fri 14th Jun 2013 17:32 UTC
From Bloomberg: "Microsoft, the world's largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes." The lid has officially been blown off.
Thread beginning with comment 564757
RE: Wow, wow, wow...
by darknexus on Fri 14th Jun 2013 23:06 UTC in reply to "Wow, wow, wow..."
I don't normally care a whole lot about the pros and cons of proprietary vs. open source... but Microsoft just gave free and open source software one hell of a boost.

Not at all. Unless you are going to examine every bit of code that goes on your machine, it's entirely possible for open source software to have these backdoors just as much as, if not more than, proprietary software. Peer code review is easy enough to slip something by, especially if it manifests no obvious symptoms and considering how many various distributions patch their software in custom ways. Are you going to examine every patch? Every update? No? Then you could be just as vulnerable as anyone running Windows.

Reply Parent Score: 0

RE[2]: Wow, wow, wow...
by Soulbender on Sat 15th Jun 2013 06:09 in reply to "RE: Wow, wow, wow..."
Then you could be just as vulnerable as anyone running Windows.

Vulnerable but not as vulnerable.
There are more people from different parts of the world looking at the code and commits. Sure, something could slip by, but the chances are pretty slim. The chances the project will keep important security issues from you in order to appease the U.S. government are also much smaller.

Reply Parent Score: 7

RE[2]: Wow, wow, wow...
by cdude on Sat 15th Jun 2013 11:41 in reply to "RE: Wow, wow, wow..."
Unless ... examine every ... code

Which is exactly what happens. Code like that of the Linux kernel is permanently reviewed. No single patch goes in without multiple reviews from different people, and without the patch being publicly available.

The nature, read: the license, also makes sure all distributors publish their patches, and even try to get them upstream proactively.

Are you going to examine every patch? Every update?

That is what's happening, yes. There are 1000 times as many reviewers as coders, and not everybody needs to cross-check everything again. A chain of trust and shared work. Get used to it, it's the present and future, because these days software like a kernel is too complex for individuals.

Edited 2013-06-15 11:43 UTC

Reply Parent Score: 9