
That would be a huge exploit/privacy risk.


Right, because that's what we say about the Linux kernel too, right? If IRS is the maintainer, they still review changes. And so do all of us. If someone slips in an exploit, we'll catch it the same way every other open source project does.


The kernel is an entirely different beast. The systems in question have been around three times longer, and have been closed from the start. A hardware caching issue bringing the whole thing down probably means it's closely tied into the hardware, and difficult to contribute to. Obscurity isn't security, but it may not be the best idea to pop the lid off everything at once in such a case.


Unless it's an exploitable weakness that is discovered only because the source is open to be both read and tested against, like Heartbleed.


I sincerely hope that machine is not accessible from the open internet.


How would it be a privacy risk, unless the data files were included/embedded in the source code repo?


Heartbleed[0] is a perfect demonstration of such a real-world exploit risk.

[0] https://en.wikipedia.org/wiki/Heartbleed


Is that why Google's and Amazon's Linux kernels are constantly being exploited?


Heartbleed[0], in fact, was exploitable in the wild well before Neel Mehta of Google discovered and diagnosed it.

[0] https://en.wikipedia.org/wiki/Heartbleed



