The Business Times

No bleeding heart for open-source code

Published Tue, Apr 22, 2014 · 10:00 PM
ACROSS the Internet, the latest threat to virtual well-being - the Heartbleed bug - has been distilled into one troublingly simplified thought: "I have to change my passwords now". And so, a flurry of activity ensued, during which the garden-variety Internet user exchanged one weak password, such as '1234', for another, such as '4321', and called it good. As firms lumbered reactively towards a solution, they too risked oversimplifying the issue on a larger scale.

The Heartbleed bug is more than another quirkily named problem; it is symptomatic of a disquieting reliance on open-source programs. The code that the bug compromised - the secure sockets layer (SSL), ironically designed to make the Internet more secure - is an open-source one.

The open-source concept is a double-edged sword - being free to use and repurpose, its bounty is for everyone to reap, but its drawbacks are nobody's responsibility. This is why the Heartbleed vulnerability took two years to detect. Open-source code is used by virtually everyone, from the giants of Silicon Valley to large governments. This code, so entrenched in critical systems and everyday businesses, is built and maintained by volunteers - a concept that would be unacceptable in any other field, such as manufacturing or consulting.
