The point is that a world of coders who would be mulling over the code due to interest and spare time would likely find critical issues and shine light onto them, making it a PR issue for those companies. If those companies ever get around to offering bounties for issues relating to safety or security, even easier to get an army of eyes on the code.
Heartbleed and ShellShock are examples of why open source is better. Both were found by folks who were not the software maintainers, but were reviewing the source code independently.
In comparison, it took multiple deaths and a major lawsuit to create the same level of visibility into Toyota's codebase. And what reviewers found was code quality far worse than that of OpenSSL or bash.
Someone else said this in another HN thread, but I love it: imagine a world in which Consumer Reports car reviews include a code audit report. That would be far, far better for overall safety than the current situation.
I agree. I might have stated my point too strongly.
I just think that going Open Source won't magically fix things. ShellShock and Heartbleed were out there for many years before someone reported on them, with (AFAIR) evidence of those holes being exploited by malicious actors. Trying to force a switch to Open Source won't improve situation very much, while requiring a serious overhaul of how the entire world does business. It doesn't seem to be worth it without introducing additional ways to fix the software creation and testing process.
I'm only trying to show that you can't shout "Open Source!" and get magical immunity from bugs in life-critical software. We need to think of something else instead, or in addition to, open-sourcing to meaningfully reduce the amount of those bugs.
I agree. The main component of safety and security--is making it part of the software development process itself. Nothing can substitute for that, and it's what the article is addressing.
Open source would be "nice", but it's just the training wheels, while safety and security baked into the process is the front tire. Might help it from not falling over but you're not going anywhere in the right direction without the right foundation.
