@simplenomad @joshbressers @kurtseifried The simple conclusion from your discussion is that backdoors like the XY hack are probably prevalent in closed source software and will not be discovered there.
Stuart Ward (xplora1a@mastodon.social)'s status on Thursday, 28-Nov-2024 22:05:36 JST
Josh Bressers (joshbressers@infosec.exchange)'s status on Thursday, 28-Nov-2024 22:05:36 JST

@xplora1a @simplenomad @kurtseifried I'm not sure I would make such a brazen statement
But yes :)
Simple Nomad (simplenomad@rigor-mortis.nmrc.org)'s status on Thursday, 28-Nov-2024 22:05:37 JST

Just listened to @joshbressers and @kurtseifried on the #osspodcast discussing the openness of open source in the context of security, and I must say that the idea of ever working for an employer that ships closed source software is something I could never do again. Going to work at GitLab was rather freeing - there is no "barely stating truth" when disclosing bugs because the source code tells the truth. Every employer before that, even many that shipped security software, was so strict in the wording of disclosures that they were basically exercises in "truthiness" more than anything else. Good episode, Josh and Kurt.