How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?


Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!


44 Answers

Anonymous

The situation you are thinking of is called “security through obscurity”. That is a situation where the security of a system is dependent on a bad actor not understanding it.

Typically in information security, relying on security through obscurity is not considered safe enough. You want security systems that are safe even if someone knows how they work.

Basically it’s the difference between locking your front door with a commercial lock, or relying on a burglar not finding the door because you planted a bush in front of it. With the lock, it’s public knowledge that a key is needed, but unless the burglar has your key that knowledge isn’t helpful to them (lockpicking notwithstanding).

As far as contributing malicious code goes, open source projects have review processes. It’s not that easy to slip something malicious into at least an established project.
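The lock-and-key point above, as an added example that is not part of the original answer or question: two ways a web application might sign a session token. The first has no key at all; its only "secret" is the recipe and a salt hard-coded in the source, so publishing the code hands an attacker everything they need. The second uses a standard, public construction (HMAC-SHA256 from the Python standard library) with a key that is never in the source, so reading the code does not help. The salt value, user IDs, and the in-memory key generation are constructed for the demonstration; a real deployment would load the key from an environment variable or a secrets manager.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed example value. The point is that once the source is public, so is this.
HARDCODED_SALT = b"please-dont-guess-this"


def obscure_token(user_id: str) -> str:
    """Security through obscurity: the scheme is only 'safe' while nobody has read this function."""
    return hashlib.sha256(user_id.encode() + HARDCODED_SALT).hexdigest()


def keyed_token(user_id: str, key: bytes) -> str:
    """Public algorithm, private key (the 'commercial lock'): HMAC-SHA256 keyed with a secret
    that lives outside the source code."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()


def attacker_forges_obscure(user_id: str) -> str:
    """The attacker has the published source, so they have the salt and the recipe,
    and can mint a valid token for any user they like."""
    return hashlib.sha256(user_id.encode() + HARDCODED_SALT).hexdigest()


def attacker_forges_keyed(user_id: str) -> str:
    """Same published source, but the key is not in it. The best the attacker can do
    is guess a key; with a 256-bit random key that is hopeless."""
    guessed_key = secrets.token_bytes(32)
    return hmac.new(guessed_key, user_id.encode(), hashlib.sha256).hexdigest()


def verify(presented: str, expected: str) -> bool:
    """Constant-time comparison so the verifier itself does not leak the expected value
    byte by byte through timing."""
    return hmac.compare_digest(presented, expected)


def demo(user_id: str = "alice", server_key: Optional[bytes] = None) -> dict:
    """Run both schemes against an attacker who has read the code.

    Returns whether each forgery is accepted by the server. Expected: the obscurity
    scheme accepts the forgery, the keyed scheme rejects it.
    """
    # Hypothetical: in production this would come from the environment or a KMS,
    # never from the repository.
    server_key = server_key if server_key is not None else secrets.token_bytes(32)

    obscure_accepted = verify(attacker_forges_obscure(user_id), obscure_token(user_id))
    keyed_accepted = verify(attacker_forges_keyed(user_id), keyed_token(user_id, server_key))

    return {
        "obscure_forged_token_accepted": obscure_accepted,
        "keyed_forged_token_accepted": keyed_accepted,
    }


if __name__ == "__main__":
    result = demo()
    for scheme, accepted in result.items():
        print(f"{scheme}: {accepted}")
```

The only difference between the two schemes from the attacker's point of view is where the secret lives. In the first it is in the code, so "the code is public" and "the secret is public" are the same statement. In the second the code can be printed on a billboard and the tokens stay unforgeable, which is exactly the property an open source project relies on.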
