There are some people won’t touch anything to do with open source projects as they feel it might have issues with security. What does open source actually do for security or change how it works?
There are some people won’t touch anything to do with open source projects as they feel it might have issues with security. What does open source actually do for security or change how it works?
the reason why many companies try to avoid using open source software is support. they usually can’t throw money at the creator to fix their problems or create custom solutions for them. which is kind of not accurate anymore today.
To be honest I’m a FOSS advocate, but when I recommend software I absolutely mention that getting devs (capable of fixing that software) in a SLA for critical bugs is what the absolutely should do, or accept the security risk or operational risk of insecure software.
This risk extends even more to non-foss software though as organic fixes can’t happen and the company that owns it HAS to fix it for you. Not all purchase agreements say they have to do this, and again it is our organizations that bare the risk then.