A backdoor is very distinct from a vanilla vulnerability. Heartbleed was a vulnerability, meaning the devs made a mistake in the code, introducing a method of attack. XZ was backdoored, meaning a malicious actor intentionally introduced a method by which he could exploit systems.
Both are pretty serious vulnerabilities, but a backdoor, especially introduced so high in the supply chain, would have been devastating had it not been caught so early.
Puh-lease. At least Heartbleed made it into production at enormous scale.I stand corrected.
A backdoor is very distinct from a vanilla vulnerability. Heartbleed was a vulnerability, meaning the devs made a mistake in the code, introducing a method of attack. XZ was backdoored, meaning a malicious actor intentionally introduced a method by which he could exploit systems.
Both are pretty serious vulnerabilities, but a backdoor, especially introduced so high in the supply chain, would have been devastating had it not been caught so early.
CVE score of heartbleed was 7.5, the score of this XZ backdoor is 10…
Heartbleed was the result of an accidental buffer overread bug, not a backdoor.