[Discuss] Is open source more secure at the current level of AI?

[richard.pieri at gmail.com (Rich Pieri)]

On Sat, 11 Apr 2026 14:40:42 -0700
Kent Borg <kentborg at borg.org> wrote:

> Just because the "closed source is better"-crowd makes an argument 
> doesn't mean the argument is garbage. (Trump sometimes says something 
> that is true, too. So?)

It is garbage. "Open source is more secure than proprietary because
more eyes, shallow bugs." "Proprietary is more secure because attackers
can't see the source code." It's a false dichotomy on both sides because
both sides are asserting one of the two must be true when NEITHER are
true. The license does not make a program more or less secure. Look at
Heartbleed and Bashdoor/Shellshock and XZ tools. Look at SolarWinds and
NotPetya and the delivery restaurant menu hack. To name some of the
highest profile compromises. The licenses did NOTHING to stop attackers
from attacking and finding exploitable vulnerabilities.

Neural network AI models don't change any of this. They can accelerate
finding exploitable vulnerabilities. But if you think the black hats
are the only ones applying these models to open source software or that
they have any substantial advantage then you are very mistaken.

-- 
\m/ (--) \m/