Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!
Developer here.
Software isn’t inherently insecure just because we know how it works. Software becomes insecure when it can be forced, by tactics not anticipated by a developer, to do things it wasn’t intended to do.
Hackers – the really good ones – have a deep understanding of how systems are made, and can recognize opportunities to exploit insecure code.
A large number of developers, building tools to detect and using their own expertise to detect and close these loopholes, is the best way to prevent exploits from being placed in the code, or from staying there later.
Open source provides – for the low price of being offered a chance to help keep the code safe – a license to use the software for themselves. Some open source licenses grant additional rights, but that’s the basic idea: alone we might write imperfect code, but together, we can make it better.
Edit: some nuance but same idea.