It's crazy to me how just a year or so after xz people were willing to say "sure I'll take this giant black box so unauditable that even its creators don't really know what's in it and run all my data through it."
I'm guessing it ultimately comes down to the legal / financial / career incentives.
My impression is that the market currently rewards visible software functionality with little concern for invisible risk.
If we flipped the script, and investors were personally, criminally, and civilly liable for computer breaches, I imagine this problem would disappear almost overnight.