That is a nice sentiment, but my experience in open source is that in-depth security evaluation is not done that frequently; it should be, but sadly it is not. Log4j has been sitting there for a while, and even though people saw the ability to execute remote code locally, it didn’t have an aha moment until recently.

I think it is still better in the open for the reasons you stated, but some are done more aggressively than others.

Matt Hogstrom
[email protected]
+1-919-656-0564
“To achieve great things two things are needed: a plan, and not quite enough time.” - Leonard Bernstein

> On Feb 15, 2022, at 3:04 PM, Radoslaw Skorupka <[email protected]> wrote:
>
> 4. Open source means more eyes are looking for the holes => better code
> review. However, closed source means it is less likely that a possible hole
> would be found. What's better?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
