@downey@floss.social @relay@relay.infosec.exchange As much as I wish this were true, it’s not. Obscurity is a valid security layer and open source software with exposed source code _does_ make it easier for attackers to find attack vectors.

Without access to source code an attacker has to infer vulnerabilities by hitting the code. Those recon hits are visible in security tools like SIEMs.

Open source vulnerabilities can be discovered directly from the source and the attacker can craft the perfect exploit without ever touching production code. Then hit it once very effectively, probably escaping detection because there’s no recon signals.

The days of #OSS being used for actual critical applications is drawing to a close.

#infosec
]]>https://board.circlewithadot.net/topic/71f7f00b-9bd2-4c0b-8ba2-2bc2ecec1a19/@downey@floss.social-@relay@relayRSS for NodeFri, 15 May 2026 01:45:47 GMTWed, 15 Apr 2026 16:07:51 GMT60