Open can never fail, it can only be failed

Robert Pogson on the GnuTLS Linux bug (via Katherine Noyes):

Imagine how long that bug could have survived if the source code had not been available to gazillions of users… Better late than never.

Time to catch the goto fail bug in iOS and OS X: 18 months and 6 months respectively.

Time to catch the GnuTLS bug in Linux: 10 years.

(Again, see my appropriate caveats about me not claiming Apple’s security policy is better here.)

(ADDENDUM: This post originally stated it was only 6 months until the goto fail bug was caught. However, in the case of iOS it was introduced in September of 2012.)