{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreih36pya6ht4n4kdj35xzogm2vt2zkkzmqqlxsic4wt52o7vsyb4tq",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mirwankwybq2"
},
"path": "/t/claude-code-found-a-linux-vulnerability-hidden-for-23-years/36851#post_6",
"publishedAt": "2026-04-05T21:13:27.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"The secure open source fallacy"
],
"textContent": "ulveon.net:\n\n> I wrote a while ago how just because something is open source doesn’t necessarily mean it’s secure: The secure open source fallacy\n\nWhile your criticism of the fallacy is correct, open source provides security and trust by _enabling_ the community to verify and audit the code they run. Making the code open also does allow for more vulnerability finding and patching, but this needs people to _actually_ do it. It is extremely difficult to do the same for proprietary software, which relies on the development team to honestly find and patch vulnerabilities, and, for all outsiders know, could have malicious code hidden inside it, making it extremely difficult for outsiders to trust. Open source’s security requires work: “read it bro,” whereas proprietary software’s security is a promise by the developers: “trust me bro.”\n\nWe’ll see, but I don’t think AI will fundamentally change the relative security of open source software and proprietary software. AI tools find vulnerabilities faster in open source code, alright, but so do humans. And, like humans, when AI tools find a vulnerability, they could report or patch it, or they could exploit it.\n\nAI finding more vulnerabilities in open source code does not mean closed source software has fewer vulnerabilities. On the contrary, AI may have the potential to learn machine code much faster than most humans can learn it. I wonder if AI’s capacity to analyze machine code, as a ratio over its capacity to analyze source code, will be much higher than the same ratio for human analysts. If so, then malicious AI would pose a higher threat to machine code than humans, and AI may become an effective tool at finding vulnerabilities in closed source software.",
"title": "Claude Code Found a Linux Vulnerability Hidden for 23 Years"
}