And to a large extent, there is automatic software that can audit things like dependencies. This software is also largely open source because hey, nobody’s perfect. But this only works when your source is available.
Though one of the major issues is that people get comfortable with that idea and assume for every open source project there is some other good Samaritan auditing it
Luckily there are people who do know, and we verify things for our own security and for the community as part of keeping Open Source projects healthy.
Open source software is safe because somebody knows how to audit it.
And to a large extent, there is automatic software that can audit things like dependencies. This software is also largely open source because hey, nobody’s perfect. But this only works when your source is available.
It’s safe because there’s always a loud nerd who will make sure everyone knows if it sucks. They will make it their life mission
Also because those people who can audit it don’t have a financial incentive to hide any flaws they find
Though one of the major issues is that people get comfortable with that idea and assume for every open source project there is some other good Samaritan auditing it