Hacker News
by _pmf_ 2251 days ago
> People just aren't auditing random code on GitHub for fun

No, just the important code that everyone is running.

3 comments

You don't have to audit that. It's so popular, someone else must have done a thorough review already!
AFAIK it had the opposite effect for OpenSSL. Not only was the code so bad that it would crash if run with a secure malloc implementation, but due to being free and open source, nobody felt the need to donate[1], with only one developer employed to work on it full time.

[1] https://arstechnica.com/information-technology/2014/04/tech-...

Well, eventually someone looked at it. And Heartbleed had probably been used for a long time before it was published.
I have to confess that I have run afl on random code on GitHub.