One of the arguments for free and open source software is that its transparency allows for anyone to evaluate the quality and security of its code and contribute to its improvement.
I’m curious about how many people actually can and do that?
I’m a user of software, not a programmer, but I do sometimes scan over install scripts to see if they contain URLs that I don’t recognise, although I’m not at all equipped to map and dig into the code of what I run and neither do I have the time to.
Do you?
Trying to guage how this theoretical benefit translates into the real world.
My experience is that OSS security scales upwards based on increased contributors, while commercial software is the inverse.
A small git* repo with a couple contributors is likely very insecure compared to one with 5000+. An enterprise tool from a company with 70 devs is probably far less bloated and insecure than one from a company with 1000 devs.
My 2 cents.