Free Software security vulnerabilities: Heartbleed and other case studies?

Bastien Guerry bzg at gnu.org
Wed Jul 26 13:50:26 UTC 2017


Hi Hugo,

Hugo Roy <hugo at fsfe.org> writes:

> Any case studies on how the world dealt to react quickly and update
> systems in reponse to Heartbleed for instance?

I remember blackduck had some reports comparing FLOSS/non-FLOSS with
respect to their security, I found this, but I’m sure there are more
detailed documents:

https://info.blackducksoftware.com/rs/872-OLS-526/images/OSSAReportFINAL.pdf

Also, a bit older, but with more data:
http://go.coverity.com/rs/157-LQW-289/images/2014-Coverity-Scan-Report.pdf

I’m not a specialist at all, and all these sources must be read with
a grain of salt, because authors are often not neutral.

HTH,

-- 
 Bastien



More information about the Discussion mailing list