this post was submitted on 30 Mar 2024
6 points (100.0% liked)

linuxmemes

20688 readers
1170 users here now

I use Arch btw

Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
poopsmith@lemmy.world
zephyr@lemmy.world
6
Backdoors (lemmy.ml)
submitted 5 months ago by lemmyreader@lemmy.ml to c/linuxmemes@lemmy.world
18 comments fedilink hide all child comments
 

https://wetdry.world/@cyrus/112186279067271067

you are viewing a single comment's thread
view the rest of the comments
[–] oce@jlai.lu 0 points 5 months ago* (last edited 5 months ago) (4 children)

If your security relies on hidden information then it's at risk of being broken at any time by someone who will find the information in some way. Open source security is so much stronger because it works independently of system knowledge. See all the open source cryptography that secures the web for example.
Open source poc and fix increases awareness of issues and helps everyone to make progress. You will also get much more eyes to verify your analysis and fix, as well as people checking if there could other consequences in other systems. Some security specialists are probably going to create techniques to detect this kind of sophisticated attack in the future.
This doesn't happen with closed source.
If some system company/administrator is too lazy to update, the fault is on them, not on the person who made all the information available for your to understand and fix the issue.

[–] prettybunnys@sh.itjust.works 0 points 5 months ago (2 children)

Crowd sourcing vulnerability analysis and detection doesn’t make open source software inherently more secure.

Closed source software has its place and it isn’t inherently evil or bad.

This event shows the good and bad of the open source software world but says NOTHING about closed source software.

[–] oce@jlai.lu 0 points 5 months ago (1 children)

Crowd sourcing vulnerability analysis and detection doesn’t make open source software inherently more secure.

It does, because many more eyes can find issues, as illustrated by this story.

Closed source isn't inherently bad, but it's worse than open source in many cases including security.

I think you're the only one here thinking publishing PoC is bad.

[–] squaresinger@feddit.de 0 points 5 months ago

But this issue wasn't found because of code analysis per se, but because of microbenchmarking.

load more comments (1 replies)