• Square Singer@feddit.de
    link
    fedilink
    arrow-up
    0
    ·
    8 months ago

    The only real downside on the open source side is that the fix is also public, and thus the recipe how to exploit the backdoor.

    If there’s a massive CVE on a closed source system, you get a super high-level description of the issue and that’s it.

    If there’s one on an open source system, you get ready-made “proof of concepts” on github that any script kiddy can exploit.

    And since not every software can be updated instantly, you are left with millions of vulnerable servers/PCs and a lot of happy script kiddies.

    See, for example, Log4Shell.