[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

[tglassey at earthlink.net (TGLASSEY)]

Vladis is %100 on the money here. Lets take this a step farther and ask 
is there a criminal liability for the person who checked that code in - 
Oh you bet there is...

Todd

On 4/11/2014 5:49 PM, Valdis.Kletnieks at vt.edu wrote:
> On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
>
>> The interesting thing to me is that the article claims the NSA have been
>> using this for "over two years", but 1.0.1 (the first vulnerable version)
>> was only released on 14 Mar 2012.  That means that either:
>>   * The NSA found it *amazingly* quickly (they're very good at what they do,
>>     but I don't believe them have superhuman talents); or
> You seriously think the NSA *isn't* watching the commits to security-relevant
> open source?  Remember - it was a bonehead bug, it's *not* unreasonable for
> somebody who was auditing the code to spot it.  Heck, there's a good chance that
> automated tools could have spotted it.

-- 
-------------

Personal Email - Disclaimers Apply