Peter is the former President of the New Zealand Open Source Society. He is currently working on Business Workflow Automation, and is the core maintainer for Gravity Workflow a GPL workflow engine.
If the security of your application depends on the obscurity of its source code, you are not exactly secure, are you? Your application should not contain deployment artifacts, credentials, or anything else that exposes how your particular installation runs.
If you make your code open source and others use it, they will have an interest in reviewing and resolving security defects. Open means honest: no hiding defects, they must be resolved.
Now, this isn't magic. Just because you release your code on GitHub doesn't mean magic coding fairies will fly in and perform a security audit on all of it. If your code has more holes than Swiss cheese, releasing it would be nuts. So at the very least resolve the issues you know about and have a go at hacking it yourself.
At the end of the day, something that is in wide use as open source is far more secure than something used by only one organisation and closed to inspection or review. Most of your stack is probably open source already. Obscurity only gives you a false sense of security.
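The practical half of the argument above is the pre-release check: before a repository goes public, nothing in it should describe or unlock your particular installation. The following is an added example (not Peter's code, and not part of Gravity Workflow) of the kind of scan worth running on a tree before publishing it. It walks a constructed in-memory set of files with made-up placeholder values, flags installation-specific file names, secrets assigned as string literals, credentials embedded in URLs, and long high-entropy literals, and returns the findings so they can be acted on in CI. The file names, patterns and the entropy threshold are assumptions chosen for illustration.

```python
import math
import re

# Constructed sample tree; every value here is a made-up placeholder,
# not a real credential. The clean file reads its secret from the environment.
SAMPLE_FILES = {
    "config/settings.py": (
        "DEBUG = False\n"
        "DATABASE_URL = 'postgres://app:Sup3rSecretPass@db.internal.example:5432/prod'\n"
        "SESSION_SECRET = 'q8Zr2vLp0XkTn4Ws9BdYe6HaJc1MfRu3'\n"
    ),
    "deploy/inventory.ini": "[web]\n10.0.12.7 ansible_user=deploy\n",
    "app/main.py": "import os\nDATABASE_URL = os.environ['DATABASE_URL']\n",
    "app/client.py": 'HEADER = "X-Request-Id"\nDEFAULT_KEY = "A9f3kL2pQz7RtY8vB1nM4xC6wE0sD5gH"\n',
    ".env": "API_TOKEN=placeholder\n",
}

# File names that describe one installation and do not belong in a public repo
# (assumed list; extend it with whatever your deployment tooling produces).
ARTIFACT_NAMES = re.compile(
    r"(^|/)(\.env(\..*)?|id_rsa|.*\.pem|.*\.pfx|inventory\.ini|terraform\.tfstate)$"
)

# A sensitive-looking name assigned a quoted literal rather than a lookup.
SECRET_ASSIGN = re.compile(
    r"(?i)\b\w*(?:password|passwd|secret|token|api_?key)\w*\s*[=:]\s*['\"]([^'\"]+)['\"]"
)

# URL with embedded credentials: scheme://user:password@host
URL_CREDS = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@")

# Any long quoted literal; its entropy is checked below.
QUOTED = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")

# Bits per character above which a literal looks random rather than prose (assumed).
ENTROPY_THRESHOLD = 4.0


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; generated secrets score well above words."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_tree(files: dict) -> list:
    """Return (path, line_number, reason) tuples; line 0 means the whole file."""
    findings = []
    for path, content in files.items():
        if ARTIFACT_NAMES.search(path):
            findings.append((path, 0, "deployment artifact should not be committed"))
        for lineno, line in enumerate(content.splitlines(), start=1):
            if URL_CREDS.search(line):
                findings.append((path, lineno, "credentials embedded in URL"))
            elif SECRET_ASSIGN.search(line):
                findings.append((path, lineno, "secret assigned as literal"))
            else:
                for m in QUOTED.finditer(line):
                    if shannon_entropy(m.group(1)) > ENTROPY_THRESHOLD:
                        findings.append((path, lineno, "high-entropy literal"))
    return findings


if __name__ == "__main__":
    for path, lineno, reason in scan_tree(SAMPLE_FILES):
        print(f"{path}:{lineno}: {reason}")
```

Only `app/main.py`, which takes its database URL from the environment, comes back clean; that is the shape the rest of the configuration should take before the repository is opened up. Pattern matching of this kind produces false positives on test fixtures and documentation, so treat a hit as something to review rather than an automatic failure, and keep the check running after publication so a later commit cannot quietly reintroduce a credential.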