115 comments
  • I don’t need to repeat myself but that’s all I’d be doing.

    You’re making the argument that open source software inherently does this better and I’m telling you that you’re wrong. I’m going to cite myself, a 20 year veteran in the field.

    It can do it better and often times it does work out this way.

    Closed source software also has value and use and for its own set of reasons could make the argument that it is more secure because of access controls and supply chain management and traditional security mechanisms.

    I think you read what I wrote as a “no you’re entirely wrong” whereas what I said was “you’re asserting things that aren’t true which is weakening the argument”.

    Frankly though given the lack of response to what I actually said by anyone I’m just going to rest on knowing in the real world my input is considered valid, here where we’re being fanatics … idk for all you know I’m a bot spewing AI generated drivel.

    Maybe the disconnect here is I’m talking about practical application because of experience vs theoretical application because of ideology.

    • No I don't think you said I was entirely wrong, that part was clear enough.

      My issue is more with your argument from authority and personal experience. It is very easy to be biased by personal experience, especially when it brings good money.

      > access controls and supply chain management and traditional security mechanisms.

      So I'll put my personal experience too (which is also a low value argument). From the outside it may seem this is well done in big companies. But the reality is that this is often a big mess and security often depends on some guy, if any, actually having some standards and enforcing them, until they leave because the company doesn't value those tasks. But since it's closed source, nobody knows about it. With open source, there's more chance more people will look at this system and find issues.
      I don't doubt some ultra sensitive systems like nuclear weapons have a functional closed source security process because the government understands the risk well enough. But I think there are way more closed source systems, at a lower danger level but which still impact people's security, that are managed with a much lower standard than if they were open-sourced.
