Proprietary software has its own version of that problem where companies are informed of a vulnerability by researchers and then just don’t bother to fix it until the researchers are forced to publish it 😅
I’d guess the number of competent eyes on large FOSS projects used by companies is probably higher than on more consumer-focused stuff like Nextcloud (does Nextcloud position itself as a corporate tool? Maybe it does and I’m just not aware of it…) but I’m not the most knowledgeable on this subject so I could certainly be mistaken
Edit: I’m dumb and still mostly asleep, just saw it’s literally a Nextcloud article lol
Or they just call it an under-documented or undocumented feature (thinking specifically about the Azure feature to let you access other tenants if they are using that, which Tenable reported last June).