by ianm218 11 days ago
Hmm, I view open source as purely positive-sum. Valkey was forked from Redis in the first place.

But this is more about memory safety - you can have immense respect for the giants who built these tools but also be worried that memory safety might become an even bigger deal. If someone found a memory zero-day in nginx or OpenSSL, for example, that is a very big deal!

I think this is one strategy we should look into; hopefully people in the C community look into other options like project Glasswing / next-generation fuzzers etc. When the world of security is changing so fast, it is good to get a lot of shots on net.

1 comments

And what if someone gets pwned by a bog standard logic or input validation bug in your slopped together "nginx" that is not present in the original?
And what if they get owned by a memory safety issue that's in the original and not the rewrite?

I know many of these projects have been around for years, but it's time for developers to put on their big boy panties and start taking memory-safe languages seriously. Watching the same attacks again and again for 30 years is getting droll.

If someone is running projects with a big "alpha" tag in production, exposed to the web, they very well might get pwned haha!