Imagine you invent a new combination lock. You play with it, and realize it’s literally uncrackable, and sell it on Amazon for $50.
No matter how smart you are, you have certain blind spots, and more people looking at it might get you some ideas on how else you could try breaking it without the code. 100 people make suggestions, most of which go nowhere, but *at least they’ve been tried*. The one person who comes up with a viable way to break it open is who you’re looking for.
Closed source software relies on the idea that “no one would buy one of these locks, take it apart, and look for weaknesses” or even “you can’t really take this lock apart at all!”
Open source software security comes from the idea that you can publish how the lock works, and many, many people can look for weaknesses, which means your lock gets better over time.
So the idea is that even if someone knows EXACTLY how the lock is made, they can’t get in without the code that the user set. That’s a lot more reassuring than hoping that no one has taken it apart, right?