feels like people are arguing the wrong axis tbh
- it’s not open vs closed anymore, it’s more like bug finding going from a few devs poking around to basically infinite parallel scanners
- so now you don’t get a couple of thoughtful reports, you get many edge cases and half-real junk. fixing capacity didn’t change though
- closing the repo doesn’t really save you, it just switches from white-box to black-box… and that’s getting pretty damn good anyway
real problem is: vuln discovery scaled, patching didn’t. now everything is a backlog game