            
              Write an open source malware
Freely publish it everywhere because everyone assumes someone checked it, because it's open source, you know?
???
Profit

[–] pinball_wizard@lemmy.zip 25 points 1 month ago

I mean, there are many excellent open source malware.

The ??? Is mostly phishing campaigns, I think.

[–] thevoidzero@lemmy.world 1 points 1 month ago (3 children)

That's the thing though if it's open source and 99.9% don't check that 0.1% checking it will be enough.

[–] obsoleteacct@lemmy.zip 2 points 1 month ago

Thank God for Tylenol.

[–] rikudou@lemmings.world 2 points 1 month ago (2 children)

The trouble with smaller open source software is that there's no 0.1% checking it. And from time to time a small projects becomes widely used and everyone assumes someone already checked it; it's a widely used open source software, after all.

[–] yermaw@sh.itjust.works 2 points 1 month ago

I have the same skeptical mindset as you here, but like Wikipedia still seems fine.

[–] thevoidzero@lemmy.world 1 points 1 month ago

I think most early users do check further than open source licenses. It's possible they'll add things later, but if they add after it has enough users we have significant number of users to have some people check. And if the user base is small then they're probably more involved, or are reading/modifying code for their use cases.

Of course it's not foolproof, but it has worked for a long time because of things like that

[–] Rooster326@programming.dev 1 points 1 month ago* (last edited 1 month ago) (1 children)

By definition in order to have . 1% then the sample size must be greater than 1,000. The vast majority of open source projects will not get to this level.

[–] thevoidzero@lemmy.world 2 points 1 month ago

I think for a open source projects with such a low number of users, the first few users will definitely look further than "it's open source".