Google managed to backdoor Linux and Firefox with their “FOSS” libWebp. Took literally years until some security researcher not affiliated with any of them found the bug by chance and made a public report, and by then it had already been explited by NSO for ages. If they had worked for Google (or Apple/Microsoft/Amazon/any of the other corporations that just imported Google’s libWebp code without looking at it) they would have gotten silenced and the exploit would still be there as a gift to Israel. Turns out just because it’s auditable doesn’t mean it gets audited before it’s too late.
And so have countless closed-source developers/companies/applications. A vulnerability existing does not change the fact that FOSS projects should be funded more.
Google managed to backdoor Linux and Firefox with their “FOSS” libWebp. Took literally years until some security researcher not affiliated with any of them found the bug by chance and made a public report, and by then it had already been explited by NSO for ages. If they had worked for Google (or Apple/Microsoft/Amazon/any of the other corporations that just imported Google’s libWebp code without looking at it) they would have gotten silenced and the exploit would still be there as a gift to Israel. Turns out just because it’s auditable doesn’t mean it gets audited before it’s too late.
And so have countless closed-source developers/companies/applications. A vulnerability existing does not change the fact that FOSS projects should be funded more.