On 13/2/22 1:03 am, Charles Mills wrote:
Nobody asked me, but I think David buried the most important point in the middle. I have
seen lots of TERRIBLE code written by "engineers from big tech." That's not the
key point. The key point is
the code is in the open and can be scrutinized by millions of people
There are thousands (if not millions) of people, ranging from high school code
nerds to professional security consulting firms, hoping to make a name for
themselves by being the first to spot some vulnerability in Apache, the Linux
kernel, etc. That is an incredible free code inspection service. That is the
key to the security of open source (IMHO).
It's not just about making a name for themselves. It can be incredibly
lucrative, with some companies willing to pay six-figure sums in bug
bounties: https://www.bugcrowd.com/bug-bounty-list/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN