• vext01@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    3 months ago

    There’s some truth to that, but bad actors have managed to slip things through in the past. It happened recently with xz.

    I guess my point is that we put a lot of trust in strangers when we run any code on our systems. Open or not.

    • xavier666@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      True. We can also not run code at all and be perfectly safe.

      I wish there was a comparison. Number of 0days in open source and 0days in closed source for comparible projects and a measure for time to mitigate the 0days.