> in the infosec space those with closed source products (e.g. WAF's) laugh at those with open source products
I would imagine open source has more reported zero days because, well, the source is open and auditable.
I do see a lot more closed source in the info/app sec space, but I suppose if you know that space well enough, the source code is just a bonus to seeing how the program works, not a requirement.
I would imagine open source has more reported zero days because, well, the source is open and auditable.
I do see a lot more closed source in the info/app sec space, but I suppose if you know that space well enough, the source code is just a bonus to seeing how the program works, not a requirement.