Griffin Boyce <[email protected]> writes:

>Why is it that these things that thousands of people rely on are not audited
>in any real way?

It's open-source, so there's the presumption of audit, "I couldn't be bothered looking at it, but since it's open source someone else must have". The odd thing is that it's some of the commercial vendors, who are doing it for money and can pay to have the code checked, for which you have at least some presumption of audit, but since they're closed-source you're not allowed to trust them.

Peter.
