squaresinger, 1 month ago

The only real downside on the open source side is that the fix is also public, and thus the recipe for how to exploit the backdoor. If there's a massive CVE on a closed source system, you get a super high-level description of the issue and that's it. If there's one on an open source system, you get ready-made "proof of concepts" on GitHub that any script kiddie can exploit. And since not every piece of software can be updated instantly, you are left with millions of vulnerable servers/PCs and a lot of happy script kiddies. See, for example, Log4Shell.