This article is the third I've seen where proprietary vendors, after the xz backdoor, try to claim that FOSS is inherently insecure. For example,
> the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.
If you use propriety applications, it's true that you'll have fewer CVEs. And of course, nobody at another company ever discovered a backdoor in their proprietary applications.
> The second approach is organizational. For example, Iron Bank currently offers only one price to its users: free. While this may seem “low cost,” software companies have no motivation to provide secure and high-quality components to Iron Bank because they cannot charge. If Iron Bank created “private” repositories that allowed companies could charge for access to high-quality software building blocks, it seems likely that Iron Bank images would have dramatically fewer known vulnerabilities.
Ah yes, because this is historically what has happened.
3 comments
[ 9.8 ms ] story [ 94.4 ms ] thread> the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.
If you use propriety applications, it's true that you'll have fewer CVEs. And of course, nobody at another company ever discovered a backdoor in their proprietary applications.
(In case you don't read the tone: /s)
Ah yes, because this is historically what has happened.
https://news.ycombinator.com/item?id=39947843