Re: [kictanet] [FOSSFA Members] About Heartbleed Vulnerability
This calls for a big debate among the Open Source community and an evaluation of how exposed we can be. I'm imagining how many servers will go unpatched, thus exposing the data to would-be hackers.

It is alleged through a Bloomberg article that the NSA knew about the vulnerability two years ago, but kept it secret to continue harvesting user data. http://mobile.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed...

This might be a wrong alarm, but how safe are we as a FOSS community, because we heavily rely on these applications that may actually have backdoors and rootkits with the aim of taking control of our systems and spying on us?

Regards
--
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh
@Kivuva,

Security is an issue for both Open Source/FOSS products (Linux, Android, etc.) as well as proprietary ones (e.g. Windows, SAP, Oracle, iOS, etc.).

However, the argument for Open Source has been that since the product/code is "open" to millions of programmer eyes, there is a higher probability of eventually spotting and publishing the flaws (such as what has happened in the current instance of the Heartbleed vulnerability).

Imagine if this piece of software (OpenSSL) was closed/proprietary; the NSA and even our very own NIS will continue "milking" the security flaw for as long as it takes...and as long as the proprietary owner is sufficiently paid to maintain silence about the security hole.

For me it's a question of which one is the better devil :-)

walu.
participants (2)
- Mwendwa Kivuva
- Walubengo J