
To be fair, so could closed source code.

The difference in this case is that a guy was running perf tests against postgres and noticed his ssh was slow, so he dove into that and found the backdoor a couple days after it was pushed.

If you had to submit 'my ssh daemon is slow' to a third party it would get put on the pile with the rest of them.




Hmm, well they never find these kinds of attacks in closed source code. OTOH they never find these kinds of attacks in closed source code!


Closed source is a little tougher: Often you need to get a job somewhere in their organization or supply chain.


Or find a security vulnerability in their network, say a poorly secured FTP server as per SolarWinds.


And then you wouldn't have random people discovering it! It could even be covered up indefinitely.



