https://opensourcesecurity.io/tag/economics/ Recent content in Economics on Open Source Security Hugo -- 0.139.4 en Sun, 03 May 2026 00:00:00 +0000 https://opensourcesecurity.io/2026/05-vulnerability-economics/ Sun, 03 May 2026 00:00:00 +0000 https://opensourcesecurity.io/2026/05-vulnerability-economics/ <p>There was recently a <a href="https://infosec.exchange/@gregkh@social.kernel.org/116498329060550348">really good thread</a> about the <a href="https://copy.fail/">Copy Fail</a> vulnerability between Will Dormann and Greg K-H. The TL;DR is that vulnerability reporting and disclosure is in a weird state of flux. This discussion got me wondering what&rsquo;s going on, and I think we&rsquo;re seeing the extremes emerging of how vulnerabilities have always worked. The middle of the bell curve has been removed.</p> <p>There are three groups in this story. The Security Researchers, the Companies, and Open Source developers. In the above discussion Will is a security research (one of the best I&rsquo;ve ever seen). Greg is part of open source. There isn&rsquo;t a great company representative, but that&rsquo;s OK.</p>