Jim Burnes - Denver wrote:
Already proven. The emergent behavior of the Linux development model does not need centralized process to coordinate it. People who had access to the source and were aware of the teardrop attack hacked a patch to it almost immediately. The patch was widely available the next day. How long did it take for microsoft?
Agreed, but that's a different issue. Here we're talking about deliberately inserted back doors. Those can get extremely nasty, and may be unpatchable. Examples include "data kidnap" (encrypting the target's information in situ and demanding a ransom for the decryption key), and "data cancer" (slow corruption of the target's information, ensuring that the backups are also corrupted). Quickly patching the software that delivers those attacks isn't anough--you need a defence against it being introduced and activated in the first place. I haven't heard of any real examples of such attacks, but that's not especially comforting. Cheers, Frank O'Dwyer.