In additional to the other comment, I think there’s also a traditional fear of corruption in open source. If the code is public then malicious parties are free to read and take advantage of holes in the security. Secondly it would be possible to contribute code with secret functionality that goes unnoticed. These are fairly easily debunked but seem to remain in people’s heads.
Ugh I hate these arguments about giving bad actors easier access. Bad actors are going to figure out flaws and security holes whether it’s open source or not. Security through obfuscation is a temporary measure and having more eyes on the source means more chances for good actors to find flaws and publicize them for fixes.
In additional to the other comment, I think there’s also a traditional fear of corruption in open source. If the code is public then malicious parties are free to read and take advantage of holes in the security. Secondly it would be possible to contribute code with secret functionality that goes unnoticed. These are fairly easily debunked but seem to remain in people’s heads.
Ugh I hate these arguments about giving bad actors easier access. Bad actors are going to figure out flaws and security holes whether it’s open source or not. Security through obfuscation is a temporary measure and having more eyes on the source means more chances for good actors to find flaws and publicize them for fixes.