Closed source also keeps missing CVEs, only most of them you never know because ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		coldtea 4 months ago \| parent \| context \| favorite \| on: Be Careful with Obsidian Closed source also keeps missing CVEs, only most of them you never know because they aren't even making it to an officially released CVE. You usually don't even know what libs it uses and at what versions, never mind the proprietary code. And then there's the closed source's Cloud part and its holes as well, which is a whole other can of worms.

pjmlp 4 months ago [–]

I haven't said otherwise, other than the fallacy that being open by itself fixes those issues.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact