@JohnDal #Solaris doesn't count as it's been #CCSS (#Oracle killed #OpenSolaris and outside of #NAS-Appliances from like #Nexenta, #illumos is a rounding error!) as any halfassed #Linux distro does at least some sort of #PackageManagment and/or #PatchManagment - even the most used #toybox+#musl / #Linux distro we all know as #Android...

#FLOSS allows for timely identification of issues, fast workarounds and fixes because it's not reliant on a single entity to admit the problem and fix it!

https://infosec.space/@kkarhan/112814416589769646

Kevin Karhan :verified: (@[email protected])

@[email protected] @[email protected] I disagree, as all such #SupplyChainAttacks are merely based upon lack of #reviewers and lack of #funding. - Whereas with #CCSS you have no independent auditability as with #FLOSS and *everything* is a *"#TrustMeBro!"* approach, which *ALL* the #GAFAMs, #PRISM-Collaborators, #CloudAct subjects and willful #Govware integrators have forfeited by their actions! Not to mention it's easier and faster to fix #FOSS as well as the #diversity of systems mitigate said issues (i.e. #dropbear was affected by *neither* #RegreSSHion nor #XZ's #backdoor, likely preventing another #Mirai-Style #Botnet from being created...) - Instead of shoving money into buying #CSS Governments should instead provide proper funding to #OSS, instead of wasting it on #HypeBasedDevelopment / #BuzzwordDrivenDevelopment like #Zensursula's @[email protected] does with garbage like *"#AI"*... After all, these issues are systemic, and denying the root cause is turning a blind eye to the obvious fix!

Infosec.Space