Kirk Wolf wrote:
> Sorry, I agree that the entirety of what you wrote was more balanced. I reacted (poorly) to this part:
> "Same with open source: using random code from an unknown author would have been unthinkable; now it's common."
> I don't think that this is common. Mostly projects use popular open source projects. Most of these have a history, many contributors, test suites, etc.

Sure, that was a bit hyperbolic, though by "unknown" I do mean that--typically they're not known quantities like employees (theoretically*) are. Hans Reiser, anyone?

> What was shocking about the LOG4J vulnerability was that it was one of these.

Indeed. Glad we could agree we aren't really disagreeing!

...phsiii

*Scott Tyree, anyone? Yeah, he was at Sterling and then CA when I was there.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN