• somebitch1 [she/her]
    ·
    2 years ago

    If they really want sound cybersecurity then China's resources and mathematical talent should really be invested in formally verified software like the seL4 microkernel and servers in languages like ATS or F*.

    Open source code isn't enough. Bugs and backdoors go hidden for years in a culture that just doesn't want to look down and accept reality. Concrete is made and trusted based on a mathematical formula and software should be the same.

    • tagen
      ·
      1 year ago

      deleted by creator

      • somebitch1 [she/her]
        ·
        2 years ago

        "So I personally consider security bugs to be just "normal bugs". I don't cover them up, but I also don't have any reason what-so-ever to think it's a good idea to track them and announce them as something special." Linus Torvalds

        • tagen
          ·
          1 year ago

          deleted by creator

          • somebitch1 [she/her]
            ·
            2 years ago

            I get the realities of open source projects, but the whole industry built on top of it feels so haphazard. It's not related to the Linux kernel, which is fairly sound when only running a server, but Log4Shell has left a really bad taste in my mouth when it comes to the commercial exploitation of code mostly developed and maintained by volunteers.

            • tagen
              ·
              1 year ago

              deleted by creator

              • somebitch1 [she/her]
                ·
                2 years ago

                Better but not necessarily adequate. Very difficult to make the case to managers who pretend there is some free market competition in software.

                • tagen
                  ·
                  1 year ago

                  deleted by creator

                  • somebitch1 [she/her]
                    ·
                    2 years ago

                    All of it boils down to the mythical tech support which is supposed to resolve any and all issues with understaffing. Added missing words, sorry.