Why can't these billion-dollar companies create a consortium to make a systematic audit of such code from start to finish? They'd all benefit enormously.
Oh, that's actually simple to answer. To the very last man, they'd all rather die than do anything that helps their competition even one tiny bit, even if they would have come out well ahead in the end. They simply don't buy into the old "a rising tide raises all ships" adage, and they're not interested enough in benevolent gestures to even invest serious time finding out it's true.
by Anonymous Coward on Tuesday September 05, 2017 @10:53PM (#55145859)
No. The answer to the question is that the ones most affected by an exploit are not IT companies. They are businesses that build, buy, and use applications. Well-known OS and other low-level infrastructure components are assumed to be reliable, and if a problem does occur they will kick the problem up to where they got it and depend on someone fixing the problem for them. There are not many corporations who will fund a group of in-house OS developers who sit around scrolling through source code. Counting on the existing in-house application developers to perform these types of duties is also a non-starter. Application and OS or low-level component development require two entirely different skillsets.