by stefan_ 2207 days ago
It's "part of ARM" like random Java projects become "part of the Apache foundation". Its reputation is the unmistakable ability to always fall on the side of broken/unmitigated whenever someone discovers another TLS protocol problem, apart from a history of the usual code execution and memory safety issues (the latter, of course, extremely difficult to mitigate on anything that has the name "embedded").

And if that doesn't scare you, think about how these libraries are used on embedded devices. People who think they can seed the CSPRNG of their TLS library with rand() and if it connects to Google, everything is ok, ship it.

1 comments

Do you know a better library to use for bare-metal purposes then? Because with mbedTLS at least you can get security updates and the code is scrutinised publicly. Way better than some proprietary crypto stacks I have seen where they charge you money for updates.

I'm not disagreeing with you here, I just want to prevent the stuff I made from being featured on @internetofshit Twitter and similar places.

BearSSL (https://bearssl.org/) works great. It is written by someone who both understands the cryptography at depth and how to write secure C code for embedded environments.