Aged Security Flaw Renews Open/Closed-Source Debate

The recent announcement of a 13-year-old security flaw found in an open source security library has renewed the debate between open source and closed source software. The library, crypt_blowfish, allows for fast two-way password encryption. The flaw introduces the potential for passwords to be easily compromised and affects PHP and a number of Linux distributions that include the crypt_blowfish library.
As with most security bug announcements, both the Linux/Open Source and Microsoft/Closed Source supporters began pointing fingers at each other on several news sites and blogs, with the occasional troll tossing in a flaming comment just to keep emotions high. Unfortunately, this type of debate rarely does anything to move the industry or community closer to more secure software deployments.
In handling aged security flaws such as this, it is important to put aside emotion and focus on the issue. Security issues involving a broadly deployed code base require …