On Thu, 2014-07-03 at 09:51 -0600, Barry MacKichan wrote:
> The HeartBleed bug is an example of a serious, unintentional, problem in 
> an open source package. In that case, even though the software was 
> available to millions of eyeballs, not that many actually looked at it. 
> I suspect only the mainstream big programs (such as Apache) are closely 
> examined. Since I usually find the programs I want through word of mouth 
> from people I trust, I don't worry much about it and have not yet 
> regretted it. Also, I use a Mac.

The path of least resistance for organizations without a lot of time and
money (and integrity) is just to keep secrets until they are forced to
do something.  People are prone to trusting authorities on things, and
remarkably will even pay for the privilege and insist on governance to
be sure of it!  

I would rather be able to estimate risk and intervene when the risks are
high.  Or at least have a feasible way to gain meta knowledge about what
I don't know.  As Roger once remarked (paraphrasing), "I'm getting more
ignorant every day."  I just want to be able to get a sense of the rate
of that process...  Many people seem to believe they can stop that
process, or stop the consequences of that process, by delegating and
deferring to others.  But they are wrong.  

Marcus  


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
