by raesene9
3296 days ago
What a closed source development team provides over OSS is some control over the quality and training of the developers allowed to commit to the codebase (e.g. the company can mandate that all developers have had training in how to avoid common XSS issues), control over the processes to be followed when committing code, and control over the security tests to be carried out. Of course, as a consumer of software that doesn't help too much 'cause you don't know which companies do a good job and which ones just say they do a good job... Open source is better in that you can audit it easily. However, let's be honest, how many users of open source software actually are able to audit the libraries they use... So neither option is particularly great at the moment (IMO).