What utter bullshit (Score 1)
2014: The Year We Learned How Vulnerable Third-Party Code Libraries Are
Really? Like we did not know before?
I don't think anyone in the industry who is both sane and honest ever pretended that FOSS was bug-free.
We know that software, ALL software, contains bugs.
Also, plenty of projects don't have too many contributors, so the "many eyes" principle hardly applies.
But if you've got the source at least you can have a look (and really should, if you are considering using something for a mission-critical application).
Then fix, if required, and contrib back.
Certainly, vulnerabilities in FOSS stuff tend to get fixed pretty quickly when found.