Hacker News

You get what you paid for. Please don't blame, bully or in any way personally attack the authors - they are not obliged to make changes to their (insecure) code that has been provided as-is.


This argument doesn't hold because paid cryptography libraries aren't any better and equally provide their code as-is.


Trail of Bits is charging hefty sums for audits. I suppose they could provide some patches.


> He immediately created a security-fix branch and collaborated with Trail of Bits to develop stronger protection for his users.

They are willing to collaborate on fixes.


Patches are a good starting point, and Trail of Bits may have provided them; however, they would still need dev time to review, approve, and roll out...



