submitted 7 months ago by otto@programming.dev to c/technology@lemmy.ml

The XZ Utils backdoor, discovered last week, and the Heartbleed security vulnerability ten years ago, share the same ultimate root cause. Both of them, and in fact all critical infrastructure open source projects, should be fixed with the same solution: ensure baseline funding for proper open source maintenance.

breakingcups@lemmy.world 16 points 7 months ago

Fuck me, ten years already?

Turbo@lemmy.ml 6 points 7 months ago

Thinking the same thing. WTF

darkpanda@lemmy.ca 7 points 7 months ago

I wouldn't say quite the same root cause. The xz back door was clearly intentional, but I don't recall the Heartbleed bug having been intentional, and the developer responsible has denied allegations to that effect. There can be no doubt in the xz case of malicious intent.

Ptsf@lemmy.world 1 point 7 months ago (last edited 7 months ago)

Hear me out. What if instead we just included a respected developer's open-source project in our multi-billion-dollar product, paid them nothing, and gave them the pressure of ensuring it's working for millions of users at the threat of their reputation until their mental health is in shambles? 🤔

this post was submitted on 07 Apr 2024
80 points (88.5% liked)