• jj4211@lemmy.world
    2 days ago

    If OpenSSL was for-profit, it would be a corporate project with dozens if not hundreds of developers

    It seems like you don’t have a very broad exposure to closed source development. Corporations frequently have a skeleton crew working on a component or entire project. You might notice if you get escalated to development enough that it’s always like the same guy or two. It’s because they might only have a couple of guys working on it. Some companies will spend more on measures to obfuscate that reality than they would spend on actually developing. Certainly some corp closed source projects are that big, but so too are many open source projects.

    Hell I’ve dealt with financial institutions using proprietary software that was abandoned by their vendor 15 years prior (came up because the software no longer worked with new stuff, and the institutions demanded wrapper software for new stuff to imitate the old stuff enough to keep using the unmaintained, unpatched, zero developer project).

    I also don’t think companies are holding the proprietary vendors to quite the standard you imagine, certainly not automatically. By the same logic you propose for open source “someone else must have done it”, you also have that for big companies, if not more so. “Surely they have good security practices” or “it’s so popular someone must have done that”.

    • squaresinger@lemmy.world
      2 days ago

      It seems like you don’t have a very broad exposure to closed source development.

      Probably not. 15 years is not that long, what do I know, I’m just on senior expert level.

      Companies run skeleton crews on crap products that don’t make money. Stuff they give away for free or that’s only used by legacy customers. Stuff they can’t shut down because of contracts or because it’s still making a bit of money.

      You might notice if you get escalated to development enough that it’s always like the same guy or two. It’s because they might only have a couple of guys working on it.

      This is where your lack of knowledge about products like that shines through. It’s common to only get the same guy or two, because that’s the people designated (or willing) to talk to customers.

      In real life, OpenSSL was run by a single person. That’s not a skeleton crew, that’s abandonment.

      From what you are writing you aren’t a programmer and you haven’t worked in a software corporation before, but instead just extrapolate from your experiences with customer support.

      • jj4211@lemmy.world
        2 days ago

        Probably not. 15 years is not that long, what do I know, I’m just on senior expert level.

        Longevity is not a guarantee of broad exposure. It may mean you have deep exposure, but making the rounds around the industry I can’t imagine maintaining such a universally optimistic picture of commercial management of software development.

        Companies run skeleton crews on crap products that don’t make money.

        Companies run skeleton crews on products when they think they can get away with it. Very high profile commercial projects with a lot of analyst attention may not be able to get away with it, but some surprisingly high profile projects without quite as much scrutiny get away with more than you would guess.

        This is where your lack of knowledge about products like that shines through.

        I’m speaking from familiarity with the provider side of things, wondering when a customer will catch on that they can’t seem to get that awesome support unless it’s the same guy as their peers get, and suspiciously unable to get decent support for a random week in June or something.

        From what you are writing you aren’t a programmer and you haven’t worked in a software corporation before

        Incorrect assumption on both counts. A few companies across a couple of decades and two of those companies extensively engaging with other companies on projects to get me some exposure to closed source development organizations even at some other companies.

        • squaresinger@lemmy.world
          1 day ago

          Again, support is not development. Experience with support does not allow conclusions on development.

          And having no experience in development doesn’t qualify you to make statements about development.

          • jj4211@lemmy.world
            1 day ago

            Why do you seem convinced I can’t possibly be a software developer? Evidently your development career has given you one experience with a company that takes the task with a great deal of seriousness, and I’ve seen that happen, but a lot of companies are not so diligent and try to game things as best they can, either with like two people making git commits or an army of offshore developers that seem to quit within 6 months, leaving little competency and plenty of opportunity for a bad actor to get in the door.