Heartbleed is the only counter example anyone needs to know that open source isn’t perfect. Intelligence agencies were likely sucking up encrypted traffic because nobody was paying attention to the most commonly used TLS library in the world
Sure, open source isn’t perfect. No software of any reasonable size is. Anyone claiming otherwise is an idiot and should be ignored. And yeah sure, heartbleed vuln existed for 2 years before discovery. But don’t forget the NSA held onto the EternalBlue vuln for over 5 years before the shadowbrokers leaked their tools.
Heartbleed is the only counter example anyone needs to know that open source isn’t perfect. Intelligence agencies were likely sucking up encrypted traffic because nobody was paying attention to the most commonly used TLS library in the world
Sure, open source isn’t perfect. No software of any reasonable size is. Anyone claiming otherwise is an idiot and should be ignored. And yeah sure, heartbleed vuln existed for 2 years before discovery. But don’t forget the NSA held onto the EternalBlue vuln for over 5 years before the shadowbrokers leaked their tools.