Not discrediting Open Source Software, but nothing is 100% safe.

  • andrew@lemmy.stuart.fun
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    See my comment below for more of my thoughts on why I think heartbleed was an overwhelming success.

    And you help make my point because openssl is a dependency which is easily discovered by software like dependabot and renovate. So when the next heartbleed happens, we can spread the fixes even more quickly.

    • 018118055@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Enterprise software inventory can unfortunately be quite chaotic, and understanding the exposure to this kind of vulnerability can take weeks if not longer.