Comment by Twirrim
2 hours ago
Not sure why you're getting downvoted, this is the entire point of open source.
Does such a bug exist in Windows? OSX? Who checks? If someone finds the key in memory, can they tell what conditions might be causing it and where?
Their only recourse under those situations is to hand it off to the OS vendor and trust that what they implement does solve the problem, and trust that it wasn't a deliberate back-door that is now being replaced by another back-door.
Security researchers find security bugs in closed source operating systems all of the time.
Yup, it’s just harder to know for sure.
Oh, and large companies quite often fix these horrific issues silently, especially in online services where the customer can't diff bins. We're talking auth bypasses and RCEs that you'll never know about.