• 0xtero@beehaw.org · 24 upvotes · 9 months ago

    I don’t think this one counts as a big win, to be honest. It was just freakish luck.

    • BestBouclettes · 14 upvotes · 9 months ago

      It’s definitely freakish luck, but at least it got found out. Closed source software would have gone through unnoticed.

      • vrighter@discuss.tchncs.de · 11 upvotes · 9 months ago

        The fact that it was found by luck, not methodically, to me implies that there probably are other backdoors we didn’t get lucky with.

      • 0xtero@beehaw.org · 5 upvotes · 9 months ago

        Or found out in corporate code review / pentest. We just don’t know. I get that we want to say FOSS is great due to the “many eyes/shallow bugs” thing, but that didn’t work for OpenSSL or log4j. The fact that it did now is great, but let’s not get carried away. It was just pure luck.