Having worked in product security, the biggest challenge we faced was upstream vulnerabilities in both closed and open source software. The biggest problem with FOSS is that its allure is the F part. No company wants to dedicate resources to patching vulnerabilities in software they don’t own, and no OSS developer wants to work for F500 companies for free.
Having worked in product security, the biggest challenge we faced was upstream vulnerabilities in both closed and open source software. The biggest problem with FOSS is that its allure is the F part. No company wants to dedicate resources to patching vulnerabilities in software they don’t own, and no OSS developer wants to work for F500 companies for free.