The latest Flash vulnerability and monoculture

Perry E. Metzger perry at
Sun Jul 26 23:20:32 EDT 2009

Jerry Leichter <leichter at> writes:
> While I agree with the sentiment and the theory, I'm not sure that it
> really works that way.  How many actual implementations of typical
> protocols are there?

I'm aware of at least four TCP/IP implementations in common use, several
common HTTP servers (though there are far more uncommon ones), at least
four or six common web browsers (depending on whether you count the
several that use webkit as a single implementation or not), a half dozen
jpeg libraries, three different opentype implementations, etc., etc.

> One way or another, a single implementation usually wins out in the
> OSS community.

See above -- even counting only open source, we have *many*
implementations. Heck, there are even multiple independent open source
SSL, SSH and PGP implementations.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list