3 comments

[ 9.8 ms ] story [ 94.4 ms ] thread
This article is the third I've seen where proprietary vendors, after the xz backdoor, try to claim that FOSS is inherently insecure. For example,

> the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.

If you use propriety applications, it's true that you'll have fewer CVEs. And of course, nobody at another company ever discovered a backdoor in their proprietary applications.

(In case you don't read the tone: /s)

> The second approach is organizational. For example, Iron Bank currently offers only one price to its users: free. While this may seem “low cost,” software companies have no motivation to provide secure and high-quality components to Iron Bank because they cannot charge. If Iron Bank created “private” repositories that allowed companies could charge for access to high-quality software building blocks, it seems likely that Iron Bank images would have dramatically fewer known vulnerabilities.

Ah yes, because this is historically what has happened.