Bullying in Open Source Software Is a Massive Security Vulnerability - eviltoast
  • BargsimBoyz@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    24
    ·
    edit-2
    7 months ago

    It’s probably far more common than most people realize. Open source software doesn’t automatically make it secure, and in many cases can be less secure than closed source as it’s just one or two people doing it for free.

    Much easier to be tempted to do something wrong or to get others to help in and take the weight off.

    • null@slrpnk.net
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      2
      ·
      7 months ago

      in many cases can be less secure than closed source as it’s just one or two people doing it for free.

      Absurd take. How could having the source closed possibly enhance the security?

        • null@slrpnk.net
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          4
          ·
          7 months ago

          Weird that they would say something totally different from what they mean…

          • SqueakyBeaver@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            5
            ·
            7 months ago

            I mean, they didn’t though Theoretically, well-funded teams would be able to create more secure software and fix vulnerabilities faster than some random guy who works a full-time job and codes in his free time

            • null@slrpnk.net
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              7 months ago

              You say they didn’t, and then go on to make a point they didn’t make…

              They didn’t comment on funding whatsoever. Plenty of open-source software gets funding, and not all closed source software gets funding.

              The issue is with bullying and burnout. Nothing to do with being closed or open source.

              • SqueakyBeaver@lemmy.blahaj.zone
                link
                fedilink
                English
                arrow-up
                3
                ·
                7 months ago

                I’m sorry that I’m apparently not getting my point across to you

                Proprietary software is often made by a corporation, who pays full-time developers. Those full-time developers are given a salary to work on that software. That salary is normally more than what open-source devs make off their software. The team who is paid to work full-time on the software will patch issues faster (theoretically)

                I bet you’ll find something wrong with this, but I don’t care

                • null@slrpnk.net
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  1
                  ·
                  7 months ago

                  There’s nothing wrong with what you’re saying, I’m not challenging the point you’re making here.

                  I’m challenging your ability to mind-read and ascribe that point to a different commenter.

    • HuntressHimbo@lemm.ee
      link
      fedilink
      English
      arrow-up
      14
      ·
      7 months ago

      Closed source software has the exact same bullying issue, the difference is instead of the bullies being random people on the internet, they are managers with power over you. They are at least as likely to make you do something dangerous as the randoms, but they don’t have to try as hard to hide it.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        It’s not the same, but it can be.

        Bullying in closed source software is a company culture issue. Bullying in open source software can come from anywhere, and a good CoC won’t necessarily fix it because outside community members can just bully from different accounts. But that also means bad company culture can’t be fixed as easily as playing whack-a-mole in a FOSS project.

    • NoneOfUrBusiness@kbin.social
      link
      fedilink
      arrow-up
      10
      arrow-down
      2
      ·
      edit-2
      7 months ago

      I mean you can see the source code. You’ll know if anyone does something weird if you have two braincells.

      Edit: Clown here move along.

      • lewdian69@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        7 months ago

        You’re manually reviewing the entire code of every open source product you use? Manually reviewing the code at every commit of every open source software you use?

          • null@slrpnk.net
            link
            fedilink
            English
            arrow-up
            2
            ·
            7 months ago

            It’s not a dumb point so much as just naive – and its the lesson we learned from the xz backdoor.

            Sure the source code is out there for anyone to see, but are the right people actually looking?

    • tabular@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      7 months ago

      How do you qualify the security of a closed source code when you can’t verify it?