A vast majority of the internet runs on open source software. Open source software is provided free of charge with the underlying code publicly available. It’s an amazing model that has helped the internet evolve into the driving force it is today. But behind open source software are humans writing code non-stop. These humans are prone to accidents. I know firsthand, because I am one of these humans and have made mistakes over my almost 3 decades of programming. But that’s the beauty of open source software. Instead of these glitches being hidden in compiled code, which isn’t human-readable, others have the ability to peer review the code, spot bugs and suggest fixes.
So last week, when reports came out that the NSA knew of this bug for a couple of years, that was very alarming. The government did claim that they never exploited it to gain access, and even if that is true, the fact that they knew about the bug and refused to report it or try to get it fixed is enough to thoroughly piss me off.
If someone in the NSA was able to spot this bug, then I’m sure people working in other governments were able to do the same thing. And spotting the bug isn’t limited to them. Remember, this is open source software, where anyone can view the code. So how about some Russian hackers? I wonder how many people have had their bank accounts or credit cards stolen because of this security hole.
The NSA’s job is to protect America. Instead they have ignored that and decided to keep our information and interests vulnerable to enemies. Why? Because of pure laziness. They apparently wanted a way to easily gain access to encrypted data, and Heartbleed was that way. Instead of having to do a little extra work to gain access to interests of national security, they chose to leave the personal and financial information of this entire country vulnerable to the bad guys overseas.
Wiretapping aside, the NSA has now failed this country by ignoring the very key of their mission. For that, someone should be made to answer, and things need to change, because the next oversight by a programmer, hammering out code for hours on end, could cause much more havoc than Heartbleed.