At least there have been attempts to subvert open standards for cryptography through the standards process. And occasional suspicious pull requests in critical places - I assume those are done through cut-out proxies so we don’t know who tried.
Like others have said. It’s a survivorship bias. So the meme has some weight. But it doesn’t make Foss any less secure than closed source. If anything it’s better to allow anyone to examine it. Similar to how secrets can’t be kept when large numbers of folks know, the same goes here I guess.
At least there have been attempts to subvert open standards for cryptography through the standards process. And occasional suspicious pull requests in critical places - I assume those are done through cut-out proxies so we don’t know who tried.
We definately know of some. NSA tried to slip a faulty rng algo into rsa a while back
https://blog.cloudflare.com/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/
Like others have said. It’s a survivorship bias. So the meme has some weight. But it doesn’t make Foss any less secure than closed source. If anything it’s better to allow anyone to examine it. Similar to how secrets can’t be kept when large numbers of folks know, the same goes here I guess.