<leo3t2Fkdk4U1@mid.individual.net>

Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Jolly Roger <jollyroger@pobox.com>
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,uk.telecom.mobile
Subject: Re: Almost every iOS & macOS app has had huge vulnerabilities for
 over a decade
Date: 4 Jul 2024 17:19:30 GMT
Organization: People for the Ethical Treatment of Pirates
Lines: 45
Message-ID: <leo3t2Fkdk4U1@mid.individual.net>
References: <v62o4t$22b9c$1@dont-email.me> <v62opd$45rh$3@solani.org>
 <v62pv9$16d01$1@matrix.hispagatos.org> <_ObhO.2$OXD2.1@fx47.iad>
 <v63v8b$4tnp$1@solani.org> <lelk6pF91g3U2@mid.individual.net>
 <v65dij$bum$1@nnrp.usenet.blueworldhosting.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net F4z96WaMmPZOK8+a2rR0CgBS/+wD757AtB4mEl0JxLw1ZyG8lp
Cancel-Lock: sha1:uj0L7wU4rqR6jcJ5UQaEZJNno0g= sha256:BJpj8nRKJKSpk50XQFhvW6Ai1baIJgUjestzh2gq4nY=
Mail-Copies-To: nobody
User-Agent: slrn/1.0.3 (Darwin)
Bytes: 3174

On 2024-07-04, Andrew <andrew@spam.net> wrote:
> Jolly Roger wrote on 3 Jul 2024 18:39:21 GMT :
>
>>> I've always heard open source software is better because people can
>>> actually find vulnerabilities or back doors in them to report.
>> 
>> That might be true if people didn't find and fix vulnerabilities in
>> closed-source software every day.
>
> Why do you think Apple never noticed the vulnerabilities in over a
> decade?

Answer: Because the vulnerabilities weren't in Apple software but in a
repository system used by app developers, which is the same reason an
enormous number of open source vulnerabilities remain unpatched for 10
years and longer:

Open source vulnerabilities remain unpatched for decades
<https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
---
A new report reveals an enormous number of identified open source
vulnerabilities remain unpatched for 10 years and longer, often because
organisations have no idea what open source code they are using.
..
..
..
With software developers routinely taking code from open source
repositories to embed in their company's products to speed up the
development process, saving time and money, manually tracking
components, their versions and their vulnerabilities is way beyond the
capabilities of most organisations.

The report recommends all organisations invest in an automated solution
for identifying and patching known vulnerabilities. "You can't patch
software if you don't know you are using it," the authors point out.
---

This isn't the "gotcha" you think it is, little Arlen. It's not an
uncommon phenomenon, and is a problem on all platforms.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR