Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"It's opensource, so people would likely have caught this issue." Lol, practically every CVE is on code you can read.

"It's opensource, so it is going to be a better engine in the long run." Citation needed.



> "practically every CVE is on code you can read."

This is probably true due to a sort of survivorship bias. code you can read is much easier to analyze and test and report. Closed source internal code has a lot of security by obscurity built into it. Not to dismiss security by obscurity, I am sure it keeps an absolute frightening amount of code safe.


> Not to dismiss security by obscurity, I am sure it keeps an absolute frightening amount of code safe.

β€œThe oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown.” H.P. Lovecraft




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: