Comment on Do you actually audit open source projects you download?
petersr@lemmy.world 5 days agoWhat if the software is just so flawlessly written that there are not CVEs?
/s
Comment on Do you actually audit open source projects you download?
petersr@lemmy.world 5 days agoWhat if the software is just so flawlessly written that there are not CVEs?
/s
corsicanguppy@lemmy.ca 5 days ago
I maintained an open-source app for many years. It leveraged a crypto library but allowed for different algos, or none at all for testing.
Some guy wrote a CVE about “when I disable all crypto it doesn’t use crypto”. So there’s that. It’s the only CVE we got before or during my time.
But even we got one.
petersr@lemmy.world 4 days ago
Oh damn, haha.