Originally Posted by MFS
What is the license?
Closed source, but as compensation I'm working on an API.
Originally Posted by thomasjosif
Who know's what you can stick in there when it's not open source.
A lot... But for me personally I don't have any reason or intention to do so.
And opensource doesn't guarantee more security as proven by;
-Shellshock, a severe bug that existed since 1989 and was publicly unnoticed until 2014.
-Heartbleed a breach in OpenSSL that was in the code since 2011, unnoticed until 2014
-Quite recently PHP, Go and Python had the exact same vulnerability in the http_proxy protocol which could have lead to man in the middle attacks. A bug that was found in Perl already back in 2001, which also existed in nginx, ruby and curllib.
-Stagefright, an exploit in Android 2.2 released in 2011 that was discovered last year.
All this is opensource code that is massively being used has been created, reviewed and adapted by thousands and thousands of people.
And if I were to put source code online. 99% Of the users wouldn't look at it, 0.9% would only use it as some example without critically thinking about it and than you need the <0.01% guy that actually tests and analyze the in my case, over 1500 lines of code.
But I do get your concern.