Not discrediting Open Source Software, but nothing is 100% safe.

    • andrew@lemmy.stuart.fun
      1 year ago

      See my comment below for more of my thoughts on why I think Heartbleed was an overwhelming success.

      And you help make my point because OpenSSL is a dependency which is easily discovered by software like Dependabot and Renovate. So when the next Heartbleed happens, we can spread the fixes even more quickly.

      • 018118055@sopuli.xyz
        1 year ago

        Enterprise software inventory can unfortunately be quite chaotic, and understanding the exposure to this kind of vulnerability can take weeks if not longer.