The devastating Shellshock security flaw that was found in the open source Bourne Again Shell (Bash) UNIX shell highlights a major dilemma faced by all users of all software.

On the one hand, software that is tried, tested, proven and patched where necessary is likely to be more secure than a newly developed piece of software which has not been around long enough for the most serious bugs in it to be found. Security and leading edge software rarely go hand in hand.

But older software — especially software that predates the mass adoption of the Internet — may have been built without any notion of today’s security risks. That means they may include features which developers would never have built in if they could have foreseen today’s hostile computing environment.

Read the Full Article: Source – eSecurity Planet
http://www.esecurityplanet.com/open-source-security/is-shellshock-a-feature-not-a-bug.html

source not found