Hacker News

jazz9k 12/09/2024

This only works for a handful of open source projects with corporate backing and the resources to fix these issues quickly.

For most OSS projects, the maintainers are either too overworked or just don't feel like fixing security issues.


Replies

bmicraft 12/10/2024

> For most OSS projects, the maintainers are either too overworked or just don't feel like fixing security issues.

Surely you can't be serious about "most" (= a clear majority) OSS projects not fixing vulnerabilities in a reasonable time frame?