alt Hacker NewsClearly for commercial oriented opensource software, security through obscurity is one way to keep the pace in the short term. Not an option for proper open source software. Will this be the case that people who use open source software that is easily detectable will also start to shy away from using them for the fear of zero-days?
One of the benefits of Open source has been that there are more eye balls on the source, leading to more secure code/better quality. I think given enough time the bug reports will plateau and we will be back to a normal cadence - once the tsunami is over, hopefully things will settle at a more manageable cadence .
Replies
This benefit you speak of is actually just a meme.
Source that is unmaintained is dead. Nobody is looking at it, even the maintainer has something better to do.
Do you know whats even more powerful than "eyeballs"? Money.
Lets be honest, LLM with fuzzers are going to pound any llvm generated binary right in the hubris.
Won't matter if is closed source, signed, and or obfuscated. =3
I'm not sure that the benefit of many eyes helps here. So much of this bulk scanning is low-effort, and if you're a smart person developing closed source software you get the benefits of bulk scanning, but _at the time of your choosing_ .
OSS has always had tradeoffs and I sadly think this one is going straight to the "Cons" column. We still think the Pros outweigh the Cons, but this is NotGreat.