Several critical bugs in the Twitter-like social media platform Mastodon were patched last week, after researchers funded by the Mozilla Foundation flagged the vulnerabilities. The situation shows one of the fundamental tradeoffs in open-source software development: publicly available code can be reviewed and exploited by anyone. In Mastodon’s case, Mozilla paid German security firm Cure53 to pen-test the social network, after announcing plans to use Mastodon for some corporate communications.