
Comment by CrimsonCape

3 months ago

You touch on an interesting idea. Imagine there is a "USA ATC Github" open-source repo. As a consultant, you bid on maintenance of the repo and get repo ownership privileges in exchange for your contract. Now you are paid to contribute to the repo for the duration of the contract. The public gets to see if you are worth your fee. If your contract ends, ownership is revoked and handed to the next consultant.

The obvious downside to this is that hardening code becomes a potentially large amount of effort/overhead that could normally be concealed behind binaries and proprietary code.

> The obvious downside to this is that hardening code becomes a potentially large amount of effort/overhead that could normally be concealed behind binaries and proprietary code.

This is not a downside; it's a benefit.

Suppose an adversarial country eventually gets access to the proprietary code. Do you want members of the public to have found and patched any obvious vulnerabilities before this point? Yes you do.