• CameronDev@programming.dev
    9 months ago

    To be fair, we only know of this one. There may well be other open source backdoors floating around with no detection. Was Heartbleed really an accident?

    • lemmyreader@lemmy.mlOP
      9 months ago

      True. And the “given enough eyeballs, all bugs are shallow” is a neat-sounding thing from the past when the amount of code lines was not as much as now. Sometimes it is scary to see how long a vulnerability in the Linux kernel had been there for years, “waiting” to be exploited.

      • RecluseRamble@lemmy.dbzer0.com
        9 months ago

        Still far better than a proprietary kernel made by a tech corp, carried hardly changed from release to release, even fewer people maintain, and if they do they might well be adding a backdoor themselves for their government agency friends.

    • xenoclast@lemmy.world
      9 months ago

      Yeah, he didn’t find the right unmaintained project. There are many, many, many CS undergrads starting projects that will become unmaintained pretty soon.