freenode.logbot.info/grapheneos-off
This whole conversation (starts earlier) explains pretty well why I'm not a believer in throwing money at a project like OpenSSL and expecting that to make it more reliable/secure.
It's primarily a culture problem and more resources means even more code.
Replying to
Would paying people to do nothing but fix syzbot bugs help the security of Linux?
Replying to
It wouldn't fix the architecture, tooling and culture creating insecure and unreliable software. It's just like piling on weak mitigations. The difference made by finding and fixing bugs is far more substantial if the serious ones are only in 5% of the code with less complexity.

