Wheeler: Insecure open source software libraries?
Posted Apr 10, 2012 10:17 UTC (Tue) by khim
In reply to: Wheeler: Insecure open source software libraries?
Parent article: Wheeler: Insecure open source software libraries?
And that is the main problem with bundling, if you bundle the library then you also have to maintain it or your application might all of the sudden become a security threat due to a problem in a bundled library.
And it'll not be a problem because of problems in your own code… why, exactly?
If you actively maintain your program then it's not a big deal to upgrade libraries, too. If you don't maintain it then it's either not a problem (for example the application is not supposed to work with potentially hostile data - compilers, for example: if your code comes from hostile source the you have larger problems then bugs in the compiler) or it's a problem even if libraries are not bundled with it (because sooner or later bug will be found in the program itself).
to post comments)