The recent XZ Utils incident—even though the issue was resolved quite swiftly—has shown that Free software developed mostly by enthusiasts is vulnerable.

As for me, I admire minimalistic programs written in the C programming language. One such program is "snac", and the idea behind it is fantastic. But look at this issue:

https://codeberg.org/grunfink/snac2/issues/94

A new bug was introduced as a result of working on the project, and the bug persisted even after the developer was sure they had fixed it. The developer did a great job though, resolving the issue eventually.

I believe that people should pay as much attention to processes or protocols of development as to choosing a technology stack. Many bugs could be caught if code were well reviewed, tested, checked with static code analyzers and verified.

Here's SQLite, a really good example of how a program should be tested:

https://www.sqlite.org/testing.html

And here's another example of robust software, a microkernel verified with formal methods:

https://docs.sel4.systems/projects/l4v/

It isn't enough to be a good programmer to create and maintain a cool project; one has to know how to test written software and how to develop and maintain processes :akkocultured: