@watchintv, let me try to offer this suggestion: "You are 'afraid,' but you don't know what you are afraid 'of.' And, it is this lack of certainty that makes you even more afraid." This can make you a perfect target for a "snake-oil salesman." (Or, the purveyors of ultra-high powered rifles.)

But, you have a job to do, so you need information. Or, maybe the more-appropriate word is context.

There are many places (beyond this web site) where you can begin to find it. For example, research topics like "penetration testing." Look on the internet, in general, for topics which will help you to better understand who your potential "opponents" might be, and what vulnerabilities they might be looking for.

This site is an entirely-qualified source of answers for whatever questions you might ask, but I very-politely suggest that, at this point in your journey, you really don't know what questions to ask. And that's a very awkward place to be – P.S. we have all been there including me. (Lots of times.)

2 members found this post helpful.

There is also the issue of 'hypocrite commits" as shamefully demonstrated by the University of Minnesota in 2021. https://news.itsfoss.com/hypocrite-commits/
Who knows what else has been going on with commits form other parties...
The software and patches installed to secure a system must go through some sort of QA... even more so any software used for auditing.

1 members found this post helpful.

Some bugs and issues would never have been discovered if the code was not openly available. The code has ALOT of reviewers.

Some issues are so obscure that realistically they are not even relevant, but they keep being discovered and fixed. If you compare this to a closed operating system, it's quite easy to imagine or assume that such systems contains thousands of non-reviewed issues and obscure issues that was never or will never be considered for a fix and has instead become part of the system.

At the very least it is an interesting thing to consider.

2 members found this post helpful.