I'm amused that the outcry about this GnuTLS flaw seems pretty muted, at least from what I've read, compared to the breathless "this is as bad as it gets" media coverage of Apple's similar "goto fail" flaw that was just publicized. And this is a security vulnerability in an important open source module that has potentially been around since 2005! That's like 75 years in Internet time!
Definitely a black eye for those who claim that open source software is inherently more secure JUST BECAUSE the source code is publicly available. OK, so if no one else reviews some printer driver code, I can understand that. But a major cryptographic module that "everyone" uses every day? BIG black eye to the OS community.
And from some comments I've read, that module wasn't even written by people who truly understand crypto and how to properly implement crypto procedures anyway. Another big demerit in my opinion. Phil Zimmermann of PGP fame always emphasized that the proper IMPLEMENTATION of crypto algorithms and software so they interact with the operating system and other software in a secure manner was just as critical as selecting robust algorithms in the first place. I wouldn't trust much of the "security" software, particularly mobile apps, that is floating around these days to be as secure as it claims.