I find people who agree with me for the wrong reasons to be more problematic than people who simply disagree with me. After writing a lot about why free software is important, I needed to clarify that there are good and bad reasons for supporting it.
You can audit the security of proprietary software quite thoroughly; source code isn’t a necessary or sufficient precondition for a particular software implementation to be considered secure.
Linters are a great thing I should’ve mentioned, esp. ones like ShellCheck. The phrase “low-hanging fruit” has been doing a lot of heavy lifting. I should mention that.
I talked a lot about how to determine if software is insecure, but didn’t spend enough time describing how to tell if software is secure. The latter typically involves understanding software architecture, which can be done by documenting it and having reverse engineers/pentesters verify those docs’ claims.
It’s getting late (UTC-0800) so I think I’ll edit the article tomorrow morning. Thanks for the feedback.
@[email protected] I updated the post to add a bit to one of the counter args, with a link to your comment. Here’s a diff.
Thank you <3