How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?

Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!

44 Answers

Anonymous

You have different scales of programs in terms of volume. Let’s suppose you download a program that’s only 2KB in size, a few lines of code, and its purpose is to increase the brightness of your screen. It does so by using the same mechanism Windows uses. It is just a handy program that helps you do it faster. No problem there. Now imagine a 500MB program that is an audio player, cloud service, etc. (imagine something like Spotify). That is not “only” a small program but a set of several files that may depend on other files (following the Spotify example, it has the Spotify program and also has a kind of Google Chrome inside). So if any of those small programs, or libraries or anything, is vulnerable, most probably all the rest of the program is.

So, the potential vulnerability of the code depends on a lot of things: the size, the number of elements it is made of, etc. In digital security they call it “attack surface”. In simple terms it is something like: the more you encompass, the more you expose yourself.

Open Source software can rely on closed source software. Meaning you have an open source program that does something but through other programs. Again, I’ll tell you, the more complexity, the higher the risk.
