The "many eyes" myth is dead. Shai-Hulud, S1ngularity, and other attacks prove open source needs dedicated security teams, not just volunteers. AI-powered attackers are winning. Time to build something better.
Read my take here:
https://paradigmtechnica.com/2025/12/03/the-open-source-security-myth-why-many-eyes-arent-enough-anymore/
#opensource #security
@poller Nice read, but it's not only about security; it's also about the sustainability of FOSS projects. Too many hubs, no resources dedicated to maintaining them, and too many packages out there, often used in applications without any rationale for long-term maintenance.
@poller And I find companies are often not better. Too many SSL-like projects out there that are maintained by a handful of people in their free time, but are used by multi-billion-dollar companies.