There is a tremendous amount of software created and maintained by Russian developers running on Windows, macOS and Linux. One example would be NGinx, which runs a good deal of websites on the internet. NGinx is now owned by F5 but still maintains the same developers. There is probably a better way to verify code, risk-rank flaws and assign a level of trust. This should be an ongoing and ideally automated effort regardless of who is contributing code or hardware.
I personally would like to see AI be able to review entire code bases and see the bigger picture because state sponsored lawful intercepts are rarely one piece of code but rather require multiple pieces of code and sometimes hardware to work in conjunction to form the back door.
Yesterday I learned that a lot of crucial stuff in Postgres was developed by Russians (the list I saw was quite extensive). So if you run nginx+Postgres (like half the Internet?) then WinRAR is the least of your concerns.
How did that conclusion come to mind? Did they write the entire code in Russian, or does the code just not run on Russian computers?
If you don't know, this is not even the first file-compression-related exploit. "Zip Slip" [0], for example, is just one year old, and there are many of them out there.
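The Zip Slip class mentioned above is an archive entry whose stored name contains path traversal (for example `../`) so that a naive extractor writes the file outside the intended destination directory. As an added example, not code posted in this thread, the Python below audits a constructed sample archive and flags such entries before anything is written to disk; the destination directory and the two sample entry names are assumptions made for the demonstration.

```python
import io
import os
import tempfile
import zipfile

# Assumed destination directory for the demonstration (does not need to exist;
# realpath() normalizes the string either way).
DEST_DIR = os.path.join(tempfile.gettempdir(), "unpack-here")


def safe_member_path(dest_dir: str, member_name: str) -> str:
    """Resolve member_name under dest_dir and return the absolute target path.

    Raises ValueError when the resolved path would land outside dest_dir,
    which is exactly the condition a Zip Slip entry relies on. Absolute
    member names are caught too, because os.path.join discards dest_dir
    when the second argument is absolute, so the target no longer shares
    dest_dir as its common prefix.
    """
    dest_root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_root, member_name))
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise ValueError(f"entry {member_name!r} escapes {dest_root}")
    return target


def audit_archive(data: bytes, dest_dir: str) -> dict:
    """Classify every entry of an in-memory zip as 'safe' or 'traversal'.

    Only the central directory is read; nothing is extracted, so this can
    run as a pre-check (or as detection logic) before a real unpack.
    """
    report = {"safe": [], "traversal": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                safe_member_path(dest_dir, info.filename)
                report["safe"].append(info.filename)
            except ValueError:
                report["traversal"].append(info.filename)
    return report


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign entry and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        # zipfile stores the name verbatim; the traversal is only interpreted
        # by whatever extractor later joins it onto the destination directory.
        zf.writestr("../../outside.txt", "should never be written")
    return buf.getvalue()


if __name__ == "__main__":
    result = audit_archive(build_sample_archive(), DEST_DIR)
    for name in result["traversal"]:
        print(f"REJECT {name}")
    for name in result["safe"]:
        print(f"ok     {name}")
```

The check is deliberately done on the resolved path rather than by searching the name for `..`, because `..` can also be hidden behind symlink components or encoded separators, and comparing the real path against the destination root covers those cases uniformly.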
LinuxBender|2 years ago
kgeist|2 years ago
nirui|2 years ago
[0] Zip Slip: https://nvd.nist.gov/vuln/detail/CVE-2022-21675
jwilk|2 years ago
xxpor|2 years ago
SillyUsername|2 years ago
The original author Eugene Roshal (iirc) isn't.
fomine3|2 years ago
unknown|2 years ago
[deleted]