←back to thread

Cryptographic Issues in Cloudflare's Circl FourQ Implementation (CVE-2025-8556)

(www.botanica.software)
159 points botanica_labs | 1 comments | 22 Oct 25 14:22 UTC | HN request time: 0.214s | source
Show context
Rygian ◴[22 Oct 25 15:35 UTC] No.45670722[source]
Here's an idea, from a parallel universe: Cloudflare should have been forced, by law, to engage a third party neutral auditor/pentester, and fix or mitigate each finding, before being authorised to expose the CIRCL lib in public.

After that, any CVE opened by a member of the public, and subsequently confirmed by a third party neutral auditor/pentester, would result in 1) fines to Cloudflare, 2) award to the CVE opener, and 3) give grounds to Cloudflare to sue their initial auditor.

But that's just a mental experiment.

replies(6): >>45670816 #>>45670838 #>>45671337 #>>45671605 #>>45672140 #>>45672495 #
1. qeternity ◴[22 Oct 25 17:37 UTC] No.45672495[source]
People really just go on the internet and say stuff.

Code is speech. Speech is protected (at least in the US).