Less well maybe but yes. Security researchers still proactively test them, and the maintainer has a much better chance of catching it themselves.
I'd argue that we don't actually know if this is the case or not because we haven't yet gotten to that point. How do we know that security researchers won't just move to testing things later as well?
Because the entire point of their work is to find the issues as fast as possible, and most importantly, before others.
You have a lot more faith than I do that companies paying security researchers will not try to cut corners by directing the researchers they employ or hire to look at stuff that they aren't even about to install.