DEV Community

Open Source is More Secure than Closed Source because Closed Source is More Secure than Open Source

Josef Andersson on November 23, 2023

The other day I had a discussion about whether source code is more secure when hidden out of sight — a valid discussion point that sometimes comes ...
 
Phil Ashby

This seems to be a perennial topic in our world 😁

There are examples where open source has not provided the 'many eyes' and 'many hands' benefits to security that were hoped for (OpenSSH being a recent fail), and although there are a number of good practices which reduce risk in both open and closed source models (as you clearly list out), each of these requires time and effort to put in place and maintain - cost which is often traded off against other interests such as: a commercial drive to be first to market and get investment returns (sometimes knowing it will crash and burn, but not caring); a desire to promote oneself as a productive developer (hire me, I'm a 10x dev!); a desire to quickly solve a problem and move on (hacked together code).

Thus I find the ethos of a group of people creating and maintaining software to be important in trusting them to get risk management / security right - my rule of thumb: software created without much care for our craft, skill and engineering professionalism is going to have issues, so actively manage the risk if you choose to use it!

Abhinav Pandey • Edited

I love your work, man!! Seriously. This was so breathtaking and amazing!!
Kudos to good work!!