by crabbone 1203 days ago
But you don't audit it entirely by yourself. Nor were you expected to before. It's the same idea as with other programs or add-ons you use. Don't you use some add-ons in the code editor you use not authored by the authors of the editor itself? And why would you believe the authors of the editor in the first place?

Of course you need to do some due diligence, but it isn't anywhere near as taxing as you seem to think.

Security is worthless if it prevents you from doing useful things. Given a choice between a chance of security breach and not being able to do the useful thing at all, in circumstances like using a Web browser, I'd definitely choose to have the useful thing w/o security.

1 comments

It seems it would depend on the person's risk tolerance.

And assessing risk of freely available open source software is still difficult: you either rely on all the authors being stand-up citizens, or on the bulk of the reviewers to be truthful and knowledgeable.