The flip side is that the median C program has more first-party security bugs an... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		acdha 4 months ago \| parent \| context \| favorite \| on: Supply chain attacks are exploiting our assumption... The flip side is that the median C program has more first-party security bugs and likely has third-party bugs included as copies which will be harder to detect and replace. I remember years ago finding that a developer had copied something like a DES implementation but modified it so you had to figure out what they’d customized as part of replacing it.

jacquesm 4 months ago [–]

So far I have not found this to be the case. Usually stuff is fairly high quality and works for the use cases that I throw at it. Your example sounds like very risky behavior. That stuff is super hard to get exactly right.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact