by MaxBarraclough 2251 days ago
Very true, but OpenSSL in particular is rather infamous. Unfortunate given that so much relies on it. https://news.ycombinator.com/item?id=7556407

This is why the assumption that “open source code is more likely to be closely audited for vulnerabilities” is not true (even for incredibly core/important projects with a wide scope) and is potentially dangerous to rely on.
> This is why the assumption that “open source code is more likely to be closely audited for vulnerabilities” is not true...

That is a safe assumption, otherwise you'd have to believe that non-open source code is more closely audited - at greater expense, because businesses secretly prioritize security.

It is not 100% and always, but practically so. Especially for an unexpected leak.
Shellshock still outperforms any security issue of OpenSSL in terms of time in the wild.