My question is about the community response to Shellshock.
What improvements were made in either the Linux development cycle or in the recommendation to its users to prevent something like Shellshock/Heartbleed from happening again?
My question is about the community response to Shellshock.
What improvements were made in either the Linux development cycle or in the recommendation to its users to prevent something like Shellshock/Heartbleed from happening again?
I don't believe any improvements were made to the Linux development cycle in response to ShellShock. As "the vulnerabilities had existed since version 1.03 of Bash released in September 1989" (Wikipedia), it's not considered a current development cycle issue. (And insofar as it is, it's a universal lesson: "don't write buggy code, and find it if you do", that everyone tries and fails to learn).
The recommendation to users was: patch. That was the last recommendation before that, and will be the first recommendation on the next bug. In a world where software is imperfect, patching promptly is the best defense.