All that is worrisome, but it's the last one that I find the most troubling. Companies are clearly indulging in magical thinking if they believe that OSS is free of security problems. It's that kind of blind-belief in OSS that led to the OpenSSL Heartbleed security fiasco. Yes, it'...
One worrisome piece of data is in the time to close pull requests. The mean is short, but the median is too short. That could either mean a very well-streamlined code review in a tightly coupled team or very little code review. Data source: Corona-Warn-App dashboard (Manrique Lopez, CC BY...
It is worrisome that protocol changes get merged without accompanying extensive test coverage. This is why the Conformal team puts such a strong emphasis on complete test coverage to help catch such issues that easily go unnoticed by developers. btcd won’t be supporting the command because it ...
Another issue this brings up is the amount of testing, or the lack thereof, that goes into protocol changes. It is worrisome that protocol changes get merged without accompanying extensive test coverage. This is why the Conformal team puts such a strong emphasis on complete test coverage to hel...