IMO it’s not entirely orthogonal. One of the main benefits (from a security perspective) of open sourcing your app is to allow it to be audited more thoroughly. But even with that kind of auditing it’s hard to make things secure in non-memory-safe languages. If you have both, then we might expect open sourcing to more reliably lead to an actually secure app.
I don't understand. Is the idea that memory errors are too hard to find but that once we've eliminated them at the language level that now auditors can review OSS projects effectively to verify that they are free of vulns? log4j should be a very clear example of how that'll fall over.