undefined | Better HN

0 pointselmigranto9y ago0 comments

>>how often do you audit source code?

>You would be surprised!

It doesn't really matter if you do. OpenSSL is one example showing there are critical mistakes of grand level everywhere, same as there might be cleverly hidden backdoor in that multi-100k source tree (or any of the myriad of dependencies) you "audited".

0 comments

1 comments · 1 top-level

riboflava9y ago

It's still a lot better than not having the source. There are tons of other benefits too. The one downside is CPU cost to compile everything yourself.

j / k navigate · click thread line to collapse