1679
It's Open Source! (lemmy.dbzer0.com)
submitted 1 year ago* (last edited 1 year ago) by 001100010010@lemmy.dbzer0.com to c/memes@lemmy.ml

Not discrediting Open Source Software, but nothing is 100% safe.

you are viewing a single comment's thread
view the rest of the comments
[-] danc4498@lemmy.world 102 points 1 year ago

Open source software is safe because somebody knows how to audit it.

[-] andrew@lemmy.stuart.fun 43 points 1 year ago* (last edited 1 year ago)

And to a large extent, there is automatic software that can audit things like dependencies. This software is also largely open source because hey, nobody's perfect. But this only works when your source is available.

[-] damnthefilibuster@lemmy.world 6 points 1 year ago

Except when people pull off shit like Heartbleed.

[-] andrew@lemmy.stuart.fun 11 points 1 year ago

See my comment below for more of my thoughts on why I think heartbleed was an overwhelming success.

And you help make my point because openssl is a dependency which is easily discovered by software like dependabot and renovate. So when the next heartbleed happens, we can spread the fixes even more quickly.

[-] 018118055@sopuli.xyz 3 points 1 year ago

Enterprise software inventory can unfortunately be quite chaotic, and understanding the exposure to this kind of vulnerability can take weeks if not longer.

[-] AlexWIWA@lemmy.ml 20 points 1 year ago

It's safe because there's always a loud nerd who will make sure everyone knows if it sucks. They will make it their life mission

[-] lemminer@lemmy.world 5 points 1 year ago

Will that nerd be heard or be buried under the scrutiny?

[-] AlexWIWA@lemmy.ml 5 points 1 year ago

I'll listen to them because I love OSS drama. But you're right that they may just get passed over at large

[-] buckykat@lemmy.fmhy.ml 19 points 1 year ago

Also because those people who can audit it don't have a financial incentive to hide any flaws they find

[-] kbotc@lemmy.world 12 points 1 year ago

My very obvious rebuttal: Shellshock was introduced into bash in 1989, and found in 2014. It was incredibly trivial to exploit and if you had shell, you had root perms, which is insane.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

this post was submitted on 07 Jul 2023
1679 points (92.9% liked)

Memes

45657 readers
688 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS