<![CDATA[Remember Linus's Law?]]>Remember Linus's Law? While it was never really true, there are now A LOT of people looking for vulnerabilities with LLMs, and they're finding vulnerabilities EVERYWHERE

While Linus's Law was clearly nonsense, this is creating an increase in vulnerabilities the world is completely unprepared to deal with

What happens if we have a million CVEs every year?

Link Preview Image
Linus's Law, but vulnerabilities

given enough eyeballs, all bugs are shallow – Linus’s Law A long time ago we thought Linus’s Law was a real thing and it was why open source was better than closed source. It seems pretty accepted now that Linus’s Law wasn’t ever really a thing. It’s far more likely the reason a lot of open source was pretty good is because the authors were worried someone WOULD look and judge them if the code looked like crap. We all have dark corners of private GitHub repos that are the code equivalent of a festering boil.

favicon

Open Source Security (opensourcesecurity.io)

]]>https://board.circlewithadot.net/topic/4584b493-32a5-413d-a8fd-5a102056b152/remember-linus-s-lawRSS for NodeMon, 25 May 2026 16:13:25 GMTWed, 29 Apr 2026 12:27:39 GMT60<![CDATA[Reply to Remember Linus's Law? on Wed, 29 Apr 2026 12:47:30 GMT]]>@joshbressers What if most of them are bullshit?

Link Preview Image
The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic | flyingpenguin

favicon

(www.flyingpenguin.com)

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/haliphax/statuses/116488067512342280https://board.circlewithadot.net/post/https://hachyderm.io/users/haliphax/statuses/116488067512342280Wed, 29 Apr 2026 12:47:30 GMT<![CDATA[Reply to Remember Linus's Law? on Wed, 29 Apr 2026 12:46:59 GMT]]>@fennix Agreed!

It's going to be a very silly couple of years

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/joshbressers/statuses/116488065481264967https://board.circlewithadot.net/post/https://infosec.exchange/users/joshbressers/statuses/116488065481264967Wed, 29 Apr 2026 12:46:59 GMT<![CDATA[Reply to Remember Linus's Law? on Wed, 29 Apr 2026 12:46:32 GMT]]>@hyc While I would love to see this, I suspect that ship sailed a long time ago

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/joshbressers/statuses/116488063712043809https://board.circlewithadot.net/post/https://infosec.exchange/users/joshbressers/statuses/116488063712043809Wed, 29 Apr 2026 12:46:32 GMT<![CDATA[Reply to Remember Linus's Law? on Wed, 29 Apr 2026 12:42:18 GMT]]>@joshbressers

A million CVEs is gonna look like rookie numbers in 3-5 years. The quantity of vulnerabilities will increase with the quantity of code and that's ballooning now.

Thing is, any pentester or appsec person could have told you this stuff is there and has been forever. It's occult knowledge basically; hidden because nobody's actually been looking.

The reckoning here isn't that this is creating some unbeatable tide of new problems, it's that for years people have refused to foundationally build in secure design and development practices in our education for any kind of programmer, developer, or architect. Pushing left is the only reliable way to turn this tap off - prevent the mistakes as or before they're made. Instead, the industry has collectively decided to build tap opening automation at grand scales.

"Oh no we've defended our appsec program" is basically where loads of companies are.

Look to climate change for how well we're goanna handle this.

]]>https://board.circlewithadot.net/post/https://infosec.space/users/fennix/statuses/116488047079088108https://board.circlewithadot.net/post/https://infosec.space/users/fennix/statuses/116488047079088108Wed, 29 Apr 2026 12:42:18 GMT<![CDATA[Reply to Remember Linus's Law? on Wed, 29 Apr 2026 12:39:08 GMT]]>@joshbressers maybe.... fix them slowly, and write new code more slowly, carefully, and deliberately?

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/hyc/statuses/116488034584742483https://board.circlewithadot.net/post/https://mastodon.social/users/hyc/statuses/116488034584742483Wed, 29 Apr 2026 12:39:08 GMT<![CDATA[Reply to Remember Linus's Law? on Wed, 29 Apr 2026 12:34:05 GMT]]>@liw hi5!

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/joshbressers/statuses/116488014758014979https://board.circlewithadot.net/post/https://infosec.exchange/users/joshbressers/statuses/116488014758014979Wed, 29 Apr 2026 12:34:05 GMT<![CDATA[Reply to Remember Linus's Law? on Wed, 29 Apr 2026 12:32:11 GMT]]>@joshbressers https://blog.liw.fi/posts/2022/04/07/linus-law/

]]>https://board.circlewithadot.net/post/https://toot.liw.fi/users/liw/statuses/116488007304075045https://board.circlewithadot.net/post/https://toot.liw.fi/users/liw/statuses/116488007304075045Wed, 29 Apr 2026 12:32:11 GMT