Why 'many eyes' isn't working and what we can do to fix it!
“Many eyes" in theory is perfect, but, in practice the "eyes" tend to focus only on the top 1% of packages, and those specifically with corporate sponsorship.
But it is possible to fix this! Today we know exactly what packages are most used, so now all we have to do is incentivise the eyes to look at all open-source code.
We are attempting to do just that with the launch of huntr (https://huntr.dev) on Feb 1st. With government grants and backing from enterprise who are excited about securing open-source code, we are able to spread the money across the spectrum, and redistribute the ‘many eyes’ to the many packages.
If you are interested in the platform, or want to try make some money fixing vulnerabilities, check it out at https://huntr.dev
0 comments
[ 2.5 ms ] story [ 12.4 ms ] threadNo comments yet.