The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
It’s probably far more common than most people realize. Open source software doesn’t automatically make it secure, and in many cases can be less secure than closed source as it’s just one or two people doing it for free.
Much easier to be tempted to do something wrong or to get others to help in and take the weight off.
Closed source software has the exact same bullying issue, the difference is instead of the bullies being random people on the internet, they are managers with power over you. They are at least as likely to make you do something dangerous as the randoms, but they don’t have to try as hard to hide it.
It’s probably far more common than most people realize. Open source software doesn’t automatically make it secure, and in many cases can be less secure than closed source as it’s just one or two people doing it for free.
Much easier to be tempted to do something wrong or to get others to help in and take the weight off.
Absurd take. How could having the source closed possibly enhance the security?
Closed source software has the exact same bullying issue, the difference is instead of the bullies being random people on the internet, they are managers with power over you. They are at least as likely to make you do something dangerous as the randoms, but they don’t have to try as hard to hide it.
How do you qualify the security of a closed source code when you can’t verify it?