Open source awareness article

just saw this article and thought it raises important trust issue mostly about forks.
four years to find issues](

1 Like

How many years to find issues in closed source? Bet you half a dollar it is a much longer time, than four years.


MS : Open source is evil, Linux is a cancer !
MS : Wait, no… we love open source projects !
MS : See ? we bought github, now we are in control of numerous open source projects integrity
MS : Lets make stats about open source projects to show how shitty they are, but… to improve them ! (thx to zdnet for the contribution)

Next step : security layer offered by MS ? no thx.

The problem is not about open source or forks, it’s about complexity of the computer tool

There are lists of vulnerabilities found older than 10 years in both open and closed sources


what ?
who is to say that the ones doing the security audits immediately report on issues they find ?
might be a case with >

1 Like

just gives me a greater belief in Purism as its so young and dedicated not some bloated monolith like Ios or MS

I think people see what they want to see. As has been addressed time and time again here, open source is not some magic cure all, and never will be.

It all boils down to trust for 99.9% of the world’s population.

For 99% its belief, not trust, trust can afford only those who understand the risks

This isn’t about trust though. This is about the practical matter of how long it takes to spot a bug (in open source software), and how much longer that time is than the time to fix it once it is spotted.

The researcher has a clear conflict of interest and perhaps that ought to be declared. Regardless though, let’s take the research at face value - and take it as an opportunity to do better.

Obviously the best vulnerability is the one that didn’t exist in the first place i.e. higher quality, defect-free code to start with.

This isn’t really a comparison of “closed source” v. “open source”. None of us will ever be able to spot a bug in Microsoft’s closed source software, not in the lifetime of the universe. The article presents no data for closed source software, Microsoft or otherwise.

In some respects it is easier to find a bug in open source software. It then comes down to whether the finder is black hat or white hat. That attracts security researchers to open source software, as a more productive exercise. That doesn’t mean that closed source software is defect free. It just means that security researchers are less likely to find bugs in closed source software. Security researchers are assumed to be white hat. However black hats are out there, no doubt keeping their closed source software vulnerabilities to themselves, for exploitation or monetization.

oddly enough it’s been canceled already … sighs - as most things about ‘conspiracy’ theories lately (entire snooptube channels being shut down for no good reason)