Not discrediting Open Source Software, but nothing is 100% safe.

  • Muddybulldog@mylemmy.win
    1 year ago

    I think the point that’s more relevant to the original post is that while the speed with which fixes were rolled out was admirable, the flaw existed for years before anybody noticed it.

    • TheYang@lemmy.world
      1 year ago

      It would have been way worse, because it would have been less discoverable in closed source software by someone somewhere.

      • Muddybulldog@mylemmy.win
        1 year ago

        Devil’s Advocate…

        Codenomicon, the company that actually named the flaw, didn’t find the bug via the source code. They were building a security product and, when testing that product against their own servers, exposed the flaw. Open Source was not a factor in this discovery.

        Google HAD discovered the flaw via the source code, exactly two days earlier.

        In this case, the bug was 0.267379679% more discoverable due to being open source versus being closed.