Comment on Samsung joins Google in RCS shaming Apple
gayhitler420@lemm.ee 1 year agoIdk what the person you’re arguing with is trying to say, but as a prolific user of open source software, there are thousands of serious vulnerabilities discovered every time some auditing company passes its eye over github.
Malicious commits are a whole nother thing and with the new spaghetti code nightmare that is python nowadays it’s extremely hard to figure out which commits are malicious.
Open source software is not more secure by default and the possibility of audit by anyone does not mean that it’s actually getting done. The idea that anyone who can write software can audit software is also absurd. Security auditing is a specialized subset of programming that requires significant training, skill and experience.
Syldon@feddit.uk 1 year ago
My point was that everyone can do it, but not everyone will commit the time and energy to do it. This fact alone is why people prefer an open source product over the hidden schemes behind the likes of Google and Samsung. And you right you will never stop malicious elements trying to take advantage of the flaws that are inevitable in the complexity of software today.
gayhitler420@lemm.ee 1 year ago
What I’m trying to push back on is your assertion that everyone can do it.
Security auditing is an extremely complex and specialized field within the already complex and specialized field of software development. Everyone cannot do it.
Even if it were as straightforward as you imply, just the prevalence of major security flaws in thousands of open source packages implies that everyone doesnt do it.
If I were to leave piles of aggregate and cement, barrels of water, hand tools and materials for forms, a grader and a compactor out and tell the neighborhood “now you can all pave your driveways” I’d be looked at like a crazy person because presented with the materials, tools and equipment to perform a job most people still lack the training and experience to perform it.