Kerberos flaw found...but no impact on Windows

Guess sometimes it pays not to be a *nix derivative:

https://zdnet.com.com/2100-1105_2-5343325.html

Apparently, the Windows implementation of Kerberos is not affected because we re-implemented it from scratch based on the MIT specification, rather than working from the original codebase that contains the flaw.

If a flaw can slip through the authentication protocol used by Solaris, Red Hat, Mandrake, OS X, etc., that pretty much eviscerates the “many eyes” theory that many advance as evidence that OSS is more secure than proprietary software. This is a pretty good reminder that even the best eyes will occasionally miss something.