I'd be more concerned about the developer side, particularly new developers and OSS contributors, the wide attack surface introduced by such complexity, long-term inflexibility, impossible to track down bugs, etc more than anything. I'm sure they have plenty of people to QA from the user perspective, just clearly not the code.
Maybe the developer was pressured to focus on releasing quickly over code quality...yada yada. The typical startup developer story. But not a story that I like to find in my security-focused software.
Maybe the developer was pressured to focus on releasing quickly over code quality...yada yada. The typical startup developer story. But not a story that I like to find in my security-focused software.