Proprietary code is subject to a market value; companies can actually invest in a codebase to improve it and add features, whereas open source is subject to common interests or volunteering. I agree that open source can increase quality thanks to the "community", but unless there is a community, nothing gets done. "There is no such thing as a free meal".
If you don't have the source code, it's actually a little harder to find a vulnerability since all you have is a big blob of binary assembly. Hackers can still find vulnerabilities with enough time on their hands, but it's still very discouraging.