Multiple Cyberpanel Servers Got Hacked

This exploit wouldn’t have been discovered if the source wasn’t available to this nasty person looking for fame.

You shouldn’t use Windows and any proprietary software at all because big bad developers are all packing malware lool. That’s just an insane way of thinking. Unfortunately, it’s the only defense I hear from OSS fanboys; the funny thing is they say this while literally everything on their PC is proprietary.

Open source is trash, most open source software is trash. This has been a great lesson for me to not use open source for mission critical sites where my money is on the line. The only reason I use Cyberpanel is because it is free but I have moved to Centminmod (nginx) for some other sites.

There is no telling what exploits would or would not have been discovered if it was closed source. It may not have been this one, it may have been another. It doesn’t really matter; if the dev team acted in the same way the result would be the same. The openness of the code however allows outsiders to find exploits and inform the developers who can then fix them - and make sure the fix is applied before going public.

I don’t use Windows or any proprietary software :slight_smile:

Whataboutism - Whataboutism - Wikipedia

I agree about the developers completely messing this up.

Good on you for sticking to your principles but most people don’t. They talk trash about proprietary software while at the same time preferring to use proprietary software - some even using non-legit versions :grin:

It is OK for software to be open-source.

After reviewing the bug it was obvious, it totally missed the proper authentication, just a few lines of code could have prevented that hack. How that mistake was made in the first place, it’s basics of programming. If they are making mistakes like that who knows how much other bad code there is, I can’t spare that much time to investigate.

I lost some clients after my Cyberpanel server got hacked, clients don’t care about whose fault it is. My company’s reputation suffered, at least we had backups and managed to restore websites one by one, but it cost a lot of time. I never fully trusted those developers after I learned where they are from. Luckily I used Directadmin for my other clients and it wasn’t affected during this incident.