# Hiding Vulnerabilities in Source Code



## Mr. Salty (Nov 2, 2021)

.


----------



## mark_j (Nov 2, 2021)

Chances of this in curated software: close to zero.
Chances of this being run by your browser via some hideously large javascript: close to absolute.


----------



## grahamperrin@ (Nov 3, 2021)

Also: 









						"Trojan Source" Bug threatens the Security of all code
					

Opinions? https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/




					forums.freebsd.org


----------



## ct85711 (Nov 3, 2021)

Frankly, this kind of "issue" a minor thing, that is dependent on the character encoding.  Switching to another character map, like a non UTF-* character map would reveal the issue.  If anything, you can more easily get the Trojan Source/Horse portion  in the languages like JS/Rust/Python that use a repository to spread packages around (like it has already been done and proven).


----------

