by jcranmer 2351 days ago
You're discounting the risk that, because it's open source, everyone assumes that someone else has done the security analysis. That is precisely what happened with OpenSSL--everyone assumed, since it's a big open source package, that somebody was keeping on top of this sort of issue, but nobody was.

That there have been two major OpenSSL security fumbles (first was the Debian OpenSSL fiasco, second Heartbleed) sort of suggests that the value of "many eyes" for ensuring security is vastly overrated.


How's that different to MS Windows? We assume the code is good, but some of the errors/oversights that crop up beggar belief.
It's not different. I think that's their point. FOSS like Linux doesn't automagically make it "safer" than proprietary systems like Windows.