Comment on Do you actually audit open source projects you download?
petersr@lemmy.world 3 weeks agoWhat if the software is just so flawlessly written that there are not CVEs?
/s
Comment on Do you actually audit open source projects you download?
petersr@lemmy.world 3 weeks agoWhat if the software is just so flawlessly written that there are not CVEs?
/s
corsicanguppy@lemmy.ca 3 weeks ago
I maintained an open-source app for many years. It leveraged a crypto library but allowed for different algos, or none at all for testing.
Some guy wrote a CVE about “when I disable all crypto it doesn’t use crypto”. So there’s that. It’s the only CVE we got before or during my time.
But even we got one.
petersr@lemmy.world 3 weeks ago
Oh damn, haha.