|
|
|
|
|
|
by ColanR
2301 days ago
|
|
|
> Its another thing entirely to suggest that major platforms in use today are sponsored by state actors willing and able to introduce vulnerabilities without proof. I think the Crypto AG story is sufficient proof of itself to look with suspicion at all related open source projects. In situations where there are known bad actors and we are dependent on security, we should look with suspicion unless we know better. "Insecure until proven secure" is probably a good motto. |
|
|
So just always insecure, as no amount of testing can guarantee there isn't some heartbleed like bug in there still.