There are some people who won’t touch anything to do with open source projects as they feel it might have issues with security. What does open source actually do for security or change how it works?

  • andruid@lemmy.ml
    1 year ago

    To be honest I’m a FOSS advocate, but when I recommend software I absolutely mention that getting devs (capable of fixing that software) in an SLA for critical bugs is what they absolutely should do, or accept the security risk or operational risk of insecure software.

    • andruid@lemmy.ml
      1 year ago

      This risk extends even more to non-FOSS software though, as organic fixes can’t happen and the company that owns it HAS to fix it for you. Not all purchase agreements say they have to do this, and again it is our organizations that bear the risk then.