How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?

Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!

44 Answers

Anonymous

There is, in fact, no real difference in security between enterprise and open-source code. These are, in fact, licensing distinctions, and do not pertain to the security, or lack thereof, of a program. How do I know? Because Microsoft employs over 100,000 software engineers, who have the ability to read and modify source code. What’s preventing those people from either introducing their own vulnerabilities, or disclosing those vulnerabilities to criminals?

There are also techniques which permit people using software to pull apart compiled software and see how it is built. This is called a ‘decompiler’, and while it will not supply the same variable and function names, in fact, it is not possible to keep the function of computer software secret from the computer which has to run it.
