top | item 47109673

(no title)

You get what you paid for. Please don't blame, bully or in any way personally attack the authors - they are not obliged to make changes to their (insecure) code that has been provided as-is.

discuss

mmsc|8 days ago

This argument doesn't hold because paid cryptography libraries aren't any better and equally provide their code as-is.

exo762|8 days ago

Trail of Bits is charging hefty sums for audits. I suppose they could provide some patches.

Hendrikto|8 days ago

> He immediately created a security-fix branch and collaborated with Trail of Bits to develop stronger protection for his users.

They are willing to collaborate on fixes.

phoronixrly|8 days ago

Patches are a good starting point, and Trail of Bits may have provided them, however they would still need dev time to review, approve, and roll-out...