Well, no; there's plenty of proprietary software without a human name attached (let alone a name that you could possibly verify is real), and there are FOSS projects that only take contributions from people who have identified themselves in some capacity.
My point was more that there's plenty of software that is not FOSS and is also not published by an identifiable legal entity, traditionally appearing as freeware/shareware for Windows/macOS. And even if there does appear to be some sort of legal entity (human or company), how many people are going to check that a company even exists on paper before installing the random .exe from its website?
My point was more that there's plenty of software that is not FOSS and is also not published by an identifiable legal entity
Yes, installing any software of "unknown origin" is a gaping security hole --- whether FOSS or not.
The fact that some people do dumb stuff does not negate the fact that a lot (if not most) FOSS fits in this category. Anonymous maintainers and contributors is pretty normal operating procedure which equates to zero accountability.
The common retort is, "Well, the source is available for review". But as this example shows, this is a very weak indicator of security or safety. A review is often not done before (or even after) distribution --- and certainly not with a malicious actor in charge.
> Anonymity is the unique aspect of open source that opens the door for malicious activity without consequences.
If you'd like to amend to something like
> Anonymity, which is in play for most FOSS and a decent chunk of proprietary software, opens the door for malicious activity without consequences.
Then I wouldn't strongly disagree. I'm still a little skeptical, because people keep finding backdoors in non-FOSS software/firmware, of course, but it'd at least be a defensible claim. I'm only really objecting to the notion that this is unique to FOSS.
There's tons of utter garbage commercial software. There's commercial software with intentionally built in backdoors and information stealing. Most of it gets zero accountability, nor do the sites that distribute it, nor the ad networks that find viewers for it.
Just like there's basically no reputational harm anymore for leaking all your users details for most leaks
No, it's not whataboutism. You claimed that this was a problem unique to open source. Pointing out that the same results manifest in non-FOSS software isn't whataboutism, it's a direct contradiction of your claim.