ELI5, Why is Open Source Software considered safe if it can be accessed and changed by anyone?

In: Technology

17 Answers

Anonymous 0 Comments

Anyone can see it, but it’s not like just anyone can change it without permission. Part of why it’s considered safer is because you can be sure that nobody’s sneaking in things they didn’t tell you about since you (or someone you trust to know what they’re talking about) can go look at the code, which you can’t usually do with pre-compiled programs.

Anonymous 0 Comments

People can see everything that people are trying to add to it, and they can object if they see something that doesn’t look right.

With closed source software, the public users have no idea what’s going into it or how the company is reviewing changes.

I would not say that open source software is automatically safe, but popular open source software is probably saf*er*.

Anonymous 0 Comments

I have a piece of closed-source software that’s super secure. Trust me, it really is. I’m not going to show you the code, but I pinky-swear promise it’s secure.

I have a piece of open-source software that’s super secure. Go ahead and look at the code yourself if you want proof.

Anonymous 0 Comments

It’s not quite like wikipedia where anyone can change it. Anyone can write some changes and offer it up to the project owners for them to look over and decide whether or not to integrate the changes. Anonymous people can’t just change the software on a whim.

Anonymous 0 Comments

With open source, you have hundreds to thousands of people reading and rereading each line of the code. This means that if a bug or safety issue is detected, it can be patched before it’s been used for wrongdoing. It’s not to say wrongdoing can’t happen, but that it’s less likely simply because so many people understand how something works.

With closed source, you have a significantly smaller team of people who build software, and they pretty much rely solely on reports to solve problems. No reports = no fixing. This leads to the possibility of many different security issues that need to be fixed. We’re human, and we commit human errors. As a programmer myself, I can’t tell you how many times I’ve written something, believed it should execute a specific way, only to spend hours upon hours trying to find an issue that was right in front of me the whole time.

It’s just a mathematical thing, really. The number of fresh eyes with different experiences and different areas of expertise vs. the eyes who wrote it (or inherited it and don’t even actually understand what’s going on).

Anonymous 0 Comments

“Open Source” isn’t a monolith: Each project is run differently and has different requirements for contribution. All changes on the main branch of an open source project or piece of software must meet the contribution requirements, so in general the group of people who manage the project have oversight and will only accept changes that they want, which means that if you trust the person or group of people that manage the project you can (generally) trust the project and resulting software as well.

Anonymous 0 Comments

If I’m distributing an open source application which doesn’t steal passwords, everyone is able to verify it doesn’t, and anyone who got theirs from me won’t have their password stolen. Say you take my app and add code to it which steals people’s passwords – if you distribute it as open-source, people will find out that your fork of my app steals passwords, and warn others to get their app from me and not you.

Your only good alternative is to distribute your app with the source code closed, and market it to people who don’t know better, and don’t realize there’s a free, open-source alternative. Welcome to the software market.

Anonymous 0 Comments

In no sense is open source software free of bugs or safe. There are plenty of people looking at it, but clever evildoers are very hard to detect. There was a security defect in OpenSSL for a decade before it was detected.

No software is safe, unless you wrote it yourself and wrote the compiler that compiled it yourself and wrote the operating system that runs it yourself and didn’t make any mistakes. This means no software is safe.

Anonymous 0 Comments

It is intrinsically safe by virtue of being fully open. A person with an understanding of the programming language used can see exactly what it is doing.

But then we come to the issue of anyone being able to change it, and you’re right. That’s why you should only download from a trusted (original) source. They may also provide a hash or something that proves the compiled program you downloaded is the official unaltered version.
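The hash check this answer describes, as an added example that is not part of any answer above: it assumes the publisher ships a `sha256sum`-style SHA256SUMS file that you fetched over a trusted channel (the original project’s site, ideally with a signature on it), and constructs an "official" build and a tampered copy to show the comparison succeed and fail.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large downloads need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_sha256sums(text):
    """Parse the '<hex>  <name>' lines that `sha256sum` emits into {name: hex}."""
    expected = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue  # skip blank, comment or malformed lines
        expected[parts[1].lstrip("*")] = parts[0].lower()  # '*' marks binary mode
    return expected


def verify_download(path, published_sums):
    """True only if the file's digest matches the entry the publisher listed."""
    listed = published_sums.get(os.path.basename(path))
    if listed is None:
        return False  # unlisted file: nothing to compare against, so do not trust it
    return hmac.compare_digest(sha256_of_file(path), listed)


def demo():
    """Constructed scenario: an official build and a tampered fork with the same name."""
    with tempfile.TemporaryDirectory() as tmp:
        official = os.path.join(tmp, "app-1.0.bin")
        with open(official, "wb") as fh:
            fh.write(b"official build bytes\n")
        # The publisher's SHA256SUMS file (assumed fetched over a trusted channel).
        sums = parse_sha256sums(f"{sha256_of_file(official)}  app-1.0.bin\n")
        # Tampered copy: a single appended byte is enough to change the digest.
        tampered = os.path.join(tmp, "fork", "app-1.0.bin")
        os.makedirs(os.path.dirname(tampered))
        with open(tampered, "wb") as fh:
            fh.write(b"official build bytes\n" + b"x")
        return verify_download(official, sums), verify_download(tampered, sums)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

A matching hash only proves the file is the one the publisher listed, so the SHA256SUMS file itself must come from the original source (or carry the publisher’s signature); a hash served by the same party that served a tampered file proves nothing.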

Anonymous 0 Comments

Open vs. Closed source is essentially whether you are allowed to view the process that created the software you’re using. Without knowing the process, you must simply trust the creator of the software to have no bad intentions.

While it can be accessed by anyone, changes are not so simple. While you can download, view, and edit the source code as you like, you can’t change the origin of the download unless the creator manually approves your changes.