OpenSSH is solid piece of software. It hasn't had any (public) authentication bypasses that wasn't configuration related since it started to look like it looks today. Multiple skilled teams have looked at it thoroughly since. It has also been hardened with things like privsep and sandboxing.
This is not OpenSSL. Language alone does not make a product insecure. For practical purposes it is certainly not just a matter of when.
Contrast that with your VPN product, which probably falls over if someone looks at it funnily. Unless your product is called Wireguard, and we are ten years in the future, perhaps.
This is not OpenSSL. Language alone does not make a product insecure. For practical purposes it is certainly not just a matter of when.
Contrast that with your VPN product, which probably falls over if someone looks at it funnily. Unless your product is called Wireguard, and we are ten years in the future, perhaps.