Hm i never coded a line in my life, but i always wondered so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrong documented code, that nobody recognizes it in OSS community? I mean code is getting more complicated and specialized, dont you need more and more human resources (more than one person and hopefully not all with a bad intention) to check over that code? If im correct you shouldnt let more code into your software than the community is able to check an validate several times… Doesnt mean it has to be russians that need to be excluded idk
Hm i never coded a line in my life, but i always wondered so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrong documented code, that nobody recognizes it in OSS community? I mean code is getting more complicated and specialized, dont you need more and more human resources (more than one person and hopefully not all with a bad intention) to check over that code? If im correct you shouldnt let more code into your software than the community is able to check an validate several times… Doesnt mean it has to be russians that need to be excluded idk