How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?

Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!

44 Answers

Anonymous

There are two main things you’re missing here.

The first is that obscurity is not security, so hiding your security flaws only protects you until someone finds them – and they will virtually always be found eventually. Also, at least in terms of software, security isn’t a particular set of methods that, if exposed, become exploitable; secure software is software that is as close to bug-free as is possible and doesn’t make any of the numerous exploitable errors.

The second is that being open source also exposes your code to lots of other eyes that can spot those bugs and flaws and fix them. A community of security-minded programmers is also less likely to get locked into a particular set of assumptions, and thus won’t miss errors that your dev team misses over and over again because they assumed they weren’t a problem. Different things stand out to different people for different reasons; the more eyes that look at your code, the more perspectives there are from which to spot things that have been overlooked by people who are too invested in the project.
