• BestBouclettes
    link
    fedilink
    arrow-up
    14
    ·
    9 months ago

    It’s definitely freakish luck but at least it got found out. A closed source software would have gone through unnoticed.

    • vrighter@discuss.tchncs.de
      link
      fedilink
      arrow-up
      11
      ·
      9 months ago

      the fact that it was found by luck, not methodically, to me implies that there probably are other backdoors we didn’t get lucky with.

    • 0xtero@beehaw.org
      link
      fedilink
      arrow-up
      5
      ·
      9 months ago

      Or found out in corporate code review / pentest. We just don’t know. I get that we want to say FOSS is great due to the “many eyes/shallow bugs” thing, but that didn’t work for OpenSSL or log4j. The fact that it did now is great, but let’s not get carried away. It was just pure luck.