I recently learned that my company prefers closed-source tools for privacy and security.

I don’t know whether the person who said that was just confused, but I am trying to come up with reasons to opt for closed-source for privacy.

  • s38b35M5@lemmy.world
    8 hours ago

    My past employers have said the same, until I showed them they were already using Apache, nginx, PostgreSQL, MariaDB, and OpenWRT among other things.

    A lot of shops think that using proprietary tools means they can demand fixes for critical vulnerabilities, but in my experience, even proprietary dev teams just reply that the code maintainers are aware and working on a fix.

    Apache vuln? Here’s the link to their acknowledgment of that CVE and exactly what modules are affected.

    That may show that the flaw is in an unused module, like node.is, but even when it is applicable, they just wait for the code maintainers to address it. They take no responsibility themselves.