Tbh I think that a major nation state’s national security agency should probably run something like this (publicly, with open source) and see if it’s a good tactic for use in the future against major bugs. They should also not use it to gain a foothold in their networks, but show that their defensive mission matters.
It’s not really possible for a private company to do this kind of thing, but I think a state security agency could.
How would you audit that their server is actually executing the open-source code that they say they are? The incentive for said server to, in certain cases or when detecting certain networks, also install a silent and subtle payload for future backdoor access (which every nation state has in its back pocket for a moment like this) is phenomenally high.
5 comments
[ 3.0 ms ] story [ 19.5 ms ] threadIt’s not really possible for a private company to do this kind of thing, but I think a state security agency could.
As long as it doesn't break stuff i guess you are unlikely to be sued.