The Heartbleed bug may be a media frenzy over a small, quickly patched bug, but it raises important questions about open-source software.
Free software may have become the crack cocaine of the high tech sector. The flaw in OpenSSL at the heart of the recent Heartbleed bug suggests it may be time to get into some sort of recovery program.
Is it time to reevaluate the real costs of free software, free Web services, and open-source code? Specifically, I wonder whether we need an industry consortium of paid members to vet and certify the security of widely used open-source software components.
I am no security expert. Decades ago college professors told me I didn't have a future as a software developer, either. So I am not taking a stand as a final authority, rather I seek to open discussion from experts on what are the next right steps.
A recent New York Times article highlighted the shoestring budget on which OpenSSL is developed and maintained. It suggested the volunteer nature of open-source code puts many projects in the same shabby boat.
As a user, I frequently go to free online web services to convert .wav to .mp3 files. Only recently have I seen one of them add a box to take contributions.
Like so many others, I regularly use Google search and maps and Facebook to communicate with friends and acquaintances. I know my information, my eyeballs, and my privacy are being sold every which way to more than pay for these free services.
As a journalist, I have seen the heavy price we pay for free news on the Internet. Most of the world's best newspapers and magazines struggle to survive while we swim in a sea of free news of questionable quality.
In the end I have questions I would like to hear this community address:
- Is our open-source code a similar sea of free software of questionable quality?
- Was Heartbleed just a media blitz about a minor flaw, quickly patched, the sort of human error that comes from any system, open or closed?
- Are today's software developers compensated in fair ways that reward their work?
In the end I wonder if the pendulum has swung too far in the direction of free, and it's about time to move back toward some center. Thanks in advance for taking time out to provide some free, but hopefully valuable, commentary.
— Rick Merritt, Silicon Valley Bureau Chief, EE Times