this post was submitted on 10 Oct 2023
My point was that everyone can do it, but not everyone will commit the time and energy to do it. This fact alone is why people prefer an open source product over the hidden schemes behind the likes of Google and Samsung. And you’re right, you will never stop malicious elements trying to take advantage of the flaws that are inevitable in the complexity of software today.
What I’m trying to push back on is your assertion that everyone can do it.
Security auditing is an extremely complex and specialized field within the already complex and specialized field of software development. Everyone cannot do it.
Even if it were as straightforward as you imply, just the prevalence of major security flaws in thousands of open source packages implies that everyone doesn’t do it.
If I were to leave piles of aggregate and cement, barrels of water, hand tools and materials for forms, a grader and a compactor out and tell the neighborhood “now you can all pave your driveways” I’d be looked at like a crazy person because presented with the materials, tools and equipment to perform a job most people still lack the training and experience to perform it.