"Unfortunately in the bank where i work it is not easy to change the version, it requires lots of resources to retest." says reporter who uses a ten years old #curl version with a suspected bug... The problem is not open source.

@bagder It's not much better in other areas. For a few years I was working for a company doing TV decoders (air, cable, sat). We had a bunch of reports from the field that there were problems with WiFi connectivity. A quick glance at our WiFi stack (wpasupplicant, connman): I don't remember the exact age, but it was at least three years old. It took me some time to convince my chain of command that we needed to update the whole stack. They were very hesitant, because, quote, "we may introduce new bugs". Well, yes, I agree, there is a risk. But we already HAVE bugs, which affect the business of the customer.

Long story short: updated the stack, the bugs disappeared, and the connectivity situation improved.

BTW, I use the reluctance to change as a metric of the health of a s/w company. And if the org is afraid, above a certain level, of making changes, then it says something about the effectiveness of their tests.

And banks, well, they are very risk averse. I've been working in that industry for a few years as well, and I have some stories...