And to a large extent, there is automatic software that can audit things like dependencies. This software is also largely open source because hey, nobody’s perfect. But this only works when your source is available.
Though one of the major issues is that people get comfortable with that idea and assume for every open source project there is some other good Samaritan auditing it.
Luckily there are people who do know, and we verify things for our own security and for the community as part of keeping Open Source projects healthy.
Open source software is safe because somebody knows how to audit it.
Also because those people who can audit it don’t have a financial incentive to hide any flaws they find.