by michaelmior 1287 days ago
I'm not sure I understand the concern. I don't think it's at all unlikely that there are such long standing bugs in closed source software that's been around the same amount of time. We might just never hear about it or those bugs might never be found. Of course, I have no proof that's the case, but I'm not convinced that finding longstanding bugs in open source software is evidence of inferior quality (this is what you seem to be implying, but I may be mistaken).

> but I'm not convinced that finding longstanding bugs in open source software is evidence of inferior quality (this is what you seem to be implying, but I may be mistaken).

I'm not implying inferior quality, I'm implying no correlation.

There was a very strong assumption from back in 1999, that "lots of eyes make all bugs shallow", with a focus especially on security.

In reality, there's no correlation.

You need those eyes to actually be looking at stuff proactively, you want automated scans, you want modern software development practices and CI/CD pipelines, you want those eyes to actually be qualified to look correctly at what they're looking at, etc.

Just putting stuff out there and assuming "people will look at its insides" is a bad assumption.

Open Source in my experience is not inherently superior from a security perspective to proprietary software.