alt Hacker NewsI don't think that's relevant. You can still find security issues in software nobody uses.
The question is a matter of impact because of how used the software is.
I don't think that's relevant. You can still find security issues in software nobody uses.
The question is a matter of impact because of how used the software is.
Way fewer people are going to look at obscure things, so a lower percentage of issues will likely have been found. There is less fame and fotune in spending security research time on obscure software. Most small libraries won't be covered by any bug bounty programs either for example.