I’ve taken part in a zillion discussions about the pros and cons of open source versus closed source. One of the strongest arguments in favour of open source is that anyone has access to the source and can inspect and fix it. Not everyone does it, but everyone can. One of the examples used to illustrate this is a software vendor adding a backdoor to the software in question. When a product is open source, there is an easy way of finding this backdoor and making sure it’s taken out. There are ways, of course, to find such backdoors in closed source applications. But it is way more difficult to make sure that they stay out. Why do I suddenly talk about this?
There is an interesting discussion at Slashdot.org regarding a recently discovered backdoor in some Cisco products. Cisco products are widely used and usually run in business-oriented environments (check the prices). Now it appears that there is a default username/password pair present in some of the products that cannot be disabled or changed. Cisco has released a fix that, they say, fixes the problem. Can you trust them?
Open source has its problems, but this is not one of them, for which I’m glad. If I remember correctly, there was a similar problem discovered with PostgreSQL when it went open source. How many others are there? How do you know?