Thank you!

You are welcome.

You are welcome.

I think that's more theoretical than reality. For example, even at the Microsoft level there isn't a lot of people adding patches. Mostly it is Microsoft employees. At the smaller OSS project level, a lot of people are getting their PRs ignored because merging the PR will add a burden to the OSS maintainer. As for the tracking of the usage, I think it is very easy for OSS to do that (and a lot do). What you need to remember, though, is that a lot of OSS isn't the entire system, just pieces. When you are referring to closed-source projects, you are talking about complete systems. That's a bit of an apples to oranges comparison.

@@IAmTimCorey I don't agree on that. A component that researchers use to express how secure software is, is the patch rate. I remember that in the passed MacOS was considered very secure because there few leaks and bugs in the software, but their rate dropped because of terribly long patch cycle. The reason is that the longer a known issue exist, the longer you are vulnerable for attacks. Compare it to a house. If you build a house with no locks and nobody knows, you most likely will have very few burglars coming in. But when it becomes public knowledge, they are practically in line to access your house. The only thing you can to prevent that is to add locks to all your doors. I am not sure if you remember the log4j issue from a couple of years ago. That problem was there for years unknowingly. But when found it was patched very quickly and the entire world was patching their systems. For smaller OSS projects there is of course a resource issue, for closed software there are political and financial decisions made... But bigger OSS projects have usually contributors from companies like Microsoft, Red Hat, Google and such. Not just small companies or individual developers. Regarding data collection, the best example is probably VS Code. Microsoft has a lot of tracking software in there. Some developers didn't like that and they forked the project. They made a version without the tracking software and called it Codium. Same thing for Google Chrome and Chromium. Code reviews are a proactive way to prevent bugs. But like you said yourself that doesn't mean there will be no bugs in the software. Therefore patch cycles are just important as the reviews. That PRs are ignored by both OSS and CSS projects for many reasons. With OSS it is often done because of the burden and the limited time developers have, like you mentioned. With CSS projects it is often done because of commercial reasons. E.g. the software company wants to release new features, because it will gain a competitive advantage and/or creates more revenue.

Yes, a lot of my courses have homework or challenges to complete. What I don't often provide is the "answers". I push people to treat the homework like they would a real-world assignment. They have the requirements. They have the training. Now they just need to put it all together. I especially focus on homework in my Mastercourses and in my Accelerate courses.

​@@IAmTimCoreyThank you, great.

I'm glad you like it.