
There are also people who think open source is the holy grail of security because "given enough eyeballs, all bugs are shallow". And it is used as an argument. So it cuts both ways.

The thing about dependencies is most people don't actually read the source. But at least you have the option.

"Given enough eyeballs, all bugs are shallow" is certainly true, but that doesn’t make OSS the holy grail.

In fact, I’ve never met anyone who thinks that. And “all bugs are shallow” doesn’t mean there are no bugs, it just means it’s easier to find bugs.

