» Open wins again

From the Heartbleed Q&A:

How common are the vulnerable OpenSSL versions?

The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems.

Two years. But just imagine how long that bug could have survived if the source code had not been available to gazillions of users.

Looks like open source is still looking for some developers who think giving code security audits on a Saturday night sounds like a good time. That’s the worst OK Cupid profile ever.