Heartbleed and Lessons Learned

We’ve had some time for the shock of the Heartbleed announcement to sink in, and there’s a lot to consider. While the first impressions are of a serious, remotely exploitable bug and the repercussions of its abuse, the incident also casts light on both the value and the risks of open source.

Was OpenSSL’s licensing responsible for the neglect that led to Heartbleed?

Addressing the question of why the OpenSSL project received such low levels of participation before Heartbleed, David A. Wheeler, an expert in government use of open source, suggests that the choice of license may be partly to blame. Within a longer work discussing many of the technical issues involved in addressing Heartbleed, Wheeler wrote:

I suspect that more code review and contributions would occur if OpenSSL used a standard widely used license

Could it be that potential community members were put off engaging with OpenSSL simply on account of its licensing decision?