by onion2k
2251 days ago
The point that "Open source code is much more likely to already have been audited better." is actually true, but with the caveats that 99% of code isn't audited at all, and the 'better' claim is dubious. Security-focused devs audit OSS projects for practice, for bounties, for the glory of finding something in a popular codebase, and just to contribute their skills. It does happen. In the closed source world, very few companies will pay for their source code to be audited, because it's expensive and time-consuming, and most only do it if they're required to.
And even when they do, in my experience, they usually end up buying an expensive automated report that provides little or no real insight.