> This fact highlights again the open-source components risk; no one guarantees that the open sources we use are benign, and it’s our responsibility to verify them.
It's odd to call this "the open-source components risk" when the exact same things are true for closed-source...