Embargoes

Posted Jul 5, 2025 16:10 UTC (Sat) by anton (subscriber, #25547)
In reply to: Embargoes by mb
Parent article: Libxml2's "no security embargoes" policy

No. Installing a backdoor requires a lot of effort, and the ones installing the backdoor have many incentives to secure the access to the backdoor: In particular, they don't want random attackers to use the backdoor for their purposes which may draw attention to the back door or may prevent access directly (e.g., if the random attackers encrypt the target system).

So no, even with information about the back door being public knowledge, only the back door installers can exploit it. Case in point: From what I have read, no security researcher has managed to enter through the xz backdoor yet.