Closed source software has the exact same bullying issue, the difference is instead of the bullies being random people on the internet, they are managers with power over you. They are at least as likely to make you do something dangerous as the randoms, but they don’t have to try as hard to hide it.
Comment on Bullying in Open Source Software Is a Massive Security Vulnerability
DingoBilly@lemmy.world 7 months ago
It’s probably far more common than most people realize. Open source software doesn’t automatically make it secure, and in many cases can be less secure than closed source as it’s just one or two people doing it for free.
HuntressHimbo@lemm.ee 7 months ago
sugar_in_your_tea@sh.itjust.works 7 months ago
It’s not the same, but it can be.
Bullying in closed source software is a company culture issue. Bullying in open source software can come from anywhere, and a good CoC won’t necessarily fix it because outside community members can just bully from different accounts. But that also means bad company culture can’t be fixed as easily as playing whack-a-mole in a FOSS project.
NoneOfUrBusiness@kbin.social 7 months ago
I mean you can see the source code. You'll know if anyone does something weird if you have two braincells.
lewdian69@lemmy.world 7 months ago
You’re manually reviewing the entire code of every open source product you use? Manually reviewing the code at every commit of every open source software you use?
NoneOfUrBusiness@kbin.social 7 months ago
Nope, I'm just a clown who doesn't actually work in tech.
lewdian69@lemmy.world 7 months ago
I forgot it wasn’t any of my business to ask. My bad
bizzle@lemmy.world 7 months ago
I can’t tell if you’re joking but if you are that’s hilarious
NoneOfUrBusiness@kbin.social 7 months ago
Oh shit I must've said something really dumb now.
(I wasn't).
null@slrpnk.net 7 months ago
It’s not a dumb point so much as just naive – and its the lesson we learned from the xz backdoor.
Sure the source code is out there for anyone to see, but are the right people actually looking?
tabular@lemmy.world 7 months ago
How do you qualify the security of a closed source code when you can’t verify it?
I’d bet on for-profit motive over passion-project when it comes to being tempted to do something wrong.
null@slrpnk.net 7 months ago
Absurd take. How could having the source closed possibly enhance the security?
SqueakyBeaver@lemmy.blahaj.zone 7 months ago
I think they mean that a lot of proprietary software (supposedly) has a large (or at least well-founded) team working on it
Malfeasant@lemmy.world 7 months ago
Hahahahahahahahaahaha
(I work for a software company.)
null@slrpnk.net 7 months ago
Weird that they would say something totally different from what they mean…
SqueakyBeaver@lemmy.blahaj.zone 7 months ago
I mean, they didn’t though Theoretically, well-funded teams would be able to create more secure software and fix vulnerabilities faster than some random guy who works a full-time job and codes in his free time