@a1batross I think it’s funny how everyone says everything’s safe because it’s open source. No one’s even checking this complicated source code to see if it’s blatantly collecting data, much less looking for security holes.
Open source has been drummed into everyone’s heads as safer because it’s open and people try to break into it to discover holes all the time. Then, everyone assumes human nature is good, every Linux user is a white hat hacker, and they all immediately report security flaws instead of exploiting them.
That’s a level of trust in strangers that can get you hurt.
I literally faced a customer who told me they won't fix a SQL injection I found in their code because, wait for it:
- No customer asked for it.
My line of argument was that customers generally tend to assume kind of by default that the software will not randomly spray their most sensitive data on public web pages...
But the business wasn't convinced.