Not discrediting Open Source Software, but nothing is 100% safe.

  • andrew@lemmy.stuart.fun
    link
    fedilink
    English
    arrow-up
    43
    ·
    edit-2
    1 year ago

    And to a large extent, there is automatic software that can audit things like dependencies. This software is also largely open source because hey, nobody’s perfect. But this only works when your source is available.

      • andrew@lemmy.stuart.fun
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        See my comment below for more of my thoughts on why I think heartbleed was an overwhelming success.

        And you help make my point because openssl is a dependency which is easily discovered by software like dependabot and renovate. So when the next heartbleed happens, we can spread the fixes even more quickly.

        • 018118055
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Enterprise software inventory can unfortunately be quite chaotic, and understanding the exposure to this kind of vulnerability can take weeks if not longer.