The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
It’s probably far more common than most people realize. Open source software doesn’t automatically make it secure, and in many cases can be less secure than closed source as it’s just one or two people doing it for free.
Much easier to be tempted to do something wrong or to get others to help in and take the weight off.
I mean you can see the source code. You’ll know if anyone does something weird if you have two brain cells. Edit: Clown here, move along.
You’re manually reviewing the entire code of every open source product you use? Manually reviewing the code at every commit of every open source software you use?