> Also I haven't seen any discovered backdoor/vulnerability on widespread open source product yet.
One could argue that the Debian SSL issue[0] would qualify as such a backdoor/vulnerability, although I don’t want to argue that it was introduced maliciously, merely that it could have been introduce with such intentions.
One could argue that the Debian SSL issue[0] would qualify as such a backdoor/vulnerability, although I don’t want to argue that it was introduced maliciously, merely that it could have been introduce with such intentions.
[0] http://www.debian.org/security/2008/dsa-1571