[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Michael Thomas mike at mtcc.com
Mon Apr 14 23:14:17 UTC 2014


On 4/14/14 4:06 PM, Randy Bush wrote:
>>> for those you can blame the vendor.  this one is owned by the
>>> community.  it falls on us to try to lower the probability of a next
>>> one by actively auditing source as our civic duty.
>> is that kind of like jury duty?  if only it were more like literature,
>> which we could read for enjoyment.
> true.  also, as someone whacked me, far too many networkers can not read
> code at all.
>
>

It's much, much worse than that. I can still read code plenty fine, but bugs can be
extremely obscure, and triply so with convoluted security code where people are
actively going after you to find problems in the most inventive ways. OpenSSL, etc.,
probably need to be treated more like Mars Landers than the typical GitHub forkfest.

Mike




More information about the NANOG mailing list