Although it's hardly a serious problem now, this really goes to confirm my suspicion that the security benefits of open-source software are in many cases - not all, but many - largely theoretical. I think the reality is that, in most cases, very few people beyond the actual author bother to read/audit the code for the open-source software they use.
Many eyes caught this; this was found within the community, a community that was not as big in the early to mid 1990s as it is now.
Although it's hardly a serious problem now, this really goes to confirm my suspicion that the security benefits of open-source software are in many cases - not all, but many - largely theoretical.
The turnaround time on bugs in the OSS community is huge. And consider you're talking about elm, an email client almost nobody uses. If we got a notification about every vulnerability in the closed-source world, I think you would see OSS stacks up quite nicely.
I think the reality is that, in most cases, very few people beyond the actual author bother to read/audit the code for the open-source software they use.
Here's the thing: most projects have more than one author. If OSS code is written in a UNIX-like philosophy and is useful, it quickly develops a large development community that will survive the loss of the initial author.