Hacker News new | ask | show | jobs
by charcircuit 2 hours ago
>both less accessible code

Yet still important to be secured due to the impact vulnerabilities can have. And LLMs can work without source code access via utilizing things like debug symbols, disassembly, reverse engineering, etc.

>paid maintainers

Just like open source maintainers their time is already being spent on other things which they see as more important over making the project 100% security bug free. Just because they are being paid, that doesn't make security their number 1 priority.
2 comments
behindsight 1 hour ago
Project Glasswing is already a thing, and the other labs have started their own initiatives too if they want to collaborate and work on securing closed-source software.

Still not addressed the moral clarity point being brought up, nor the ramifications of the Linux Foundation choosing which closed source projects to focus on and alienating their mission statement.

Again, your idea is noble but why should the Linux Foundation be saddled with it when those other options exist? OSS needs their focus as their mission outlines.

link
dofm 1 hour ago
> that doesn't make security their number 1 priority.

Well perhaps the companies who employ them to make that software they sell for profit should let them do that first rather than tokenmaxxing, and the great big non-profit effort can get round to them to help a little bit later after it has helped secure all the open-source stuff the internet actually runs on.

link