Open Source is a complex topic these days. Here is an interesting perspective:
A few more of my comments:
- mistakes and bad things will happen – life has risk. Most seem to live in a society that eliminates all risk, which has never been the case and never will be. The problem with extreme risk-averse approach is we end up in a blank, sterile situation where nothing happens.
- money does not always fix everything. More funding does not guarantee mistakes won’t be made. We only have to look to the security record of commercial software.
- there will never be perfect monetary equity and justice. I’ve contributed to OSS projects for years and received little back other than improving my skills and expanding my toolbox. I suspect most other OSS contributors are in the same boat. In the long run, skills are the truly valuable asset, as these can always be used to produce something of value. Anything else (money, bitcoins, fame, etc) is ephemeral.
- log4j2 has likely given way more value to the world than what the recent security problem will cost the world. Thus it a net benefit – society is richer.
- security problems need addressed, but they are way overblown in most cases. For most systems, there is little value to attackers, thus they are not going to put a lot of effort into cracking them. For the rest, if they are patched and updated soon, chances are you’ll get your system patched before attackers find it. Again, there will be some systems compromised, which gets back to risk – if we are doing anything, there is risk …
- basic economics suggest that things improve when society is richer – we improve things by creating, not breaking windows. Open source adds value to society by creating useful things.
Can we have an optimistic, thankful, positive view on all this?