Making it opensource is no guarantee at all(if there could be any), for instance... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dagi3d on Dec 29, 2022 \| parent \| context \| favorite \| on: I Lost All Faith in LastPass Making it opensource is no guarantee at all(if there could be any), for instance it could be more dangerous: anyone could spot a security hole and take advantage of it without reporting it, there is no guarantee there would be a responsible disclosure.

EMIRELADERO on Dec 30, 2022 [–]

Are you vouching for security through obscurity?

dagi3d on Dec 30, 2022 | [–]

When systems and code are audited and pentested by third parties, I don't see any benefit of actually making anything public.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact