Backdoors
lemmyreader@lemmy.ml to linuxmemes@lemmy.world · English · 9 months ago · cross-posted to: autism@lemmy.world
oce 🐆@jlai.lu · 9 months ago

> Crowd sourcing vulnerability analysis and detection doesn’t make open source software inherently more secure.

It does, because many more eyes can find issues, as illustrated by this story.

Closed source isn’t inherently bad, but it’s worse than open source in many cases including security.

I think you’re the only one here thinking publishing PoC is bad.
Square Singer@feddit.de · 9 months ago

But this issue wasn’t found because of code analysis per se, but because of microbenchmarking.