this post was submitted on 26 Jun 2025
36 points (95.0% liked)
Linux
That's also a myth, especially for a project the size of Nextcloud. Bugs can and do go unnoticed for years while in plain sight - with no way to know if they've been detected by any black hat.
Even worse: as soon as you merge a security fix in an open repository, people will instantly be trying to abuse it in any environment they can find that is currently running the unpatched version.
Proprietary software has its own version of that problem where companies are informed of a vulnerability by researchers and then just don't bother to fix it until the researchers are forced to publish it 😅
I'd guess the number of competent eyes on large FOSS projects used by companies is probably higher than on more consumer-focused stuff like Nextcloud (does Nextcloud position itself as a corporate tool? Maybe it does and I'm just not aware of it...), but I'm not the most knowledgeable on this subject, so I could certainly be mistaken.
Edit: I'm dumb and still mostly asleep, just saw it's literally a Nextcloud article lol
Or they just call it an under-documented or undocumented feature (thinking specifically about the Azure feature Tenable reported last June, which let you access other tenants if they were using it).