How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?


Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!


44 Answers

Anonymous 0 Comments

Knowing how something works isn’t a vulnerability.

In your bank example, if you know the bank requires a keycard + PIN to get through secure doors, knowing that fact doesn’t help you; you still need to get your hands on a keycard and PIN to open those doors.

If you’re thinking “I’ll just make my own keycards and PIN”, the information on those cards that makes them valid in the bank’s security system isn’t part of the openly available information, and registering a PIN requires you to already have access to the system.

Each user of an open-source system configures their own secure data and keeps it secret from the public.

As for contributing malicious code:

You can *ask* the maintainer of an open-source project to include your code. If they don’t know you, they will (hopefully) read through the code you’re asking to include, ask you questions about it, and if they don’t like what they see or hear they will just deny your request.

You can add your code to your own version of the software, but you would have to convince people to use your version instead of the original. A bunch of people will look at your version of the software purely out of curiosity, and if they find anything suspicious they will tell everyone they know to stay away from your software.
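The keycard + PIN point above is the idea behind Kerckhoffs’s principle: the design can be public as long as the secrets are not. The toy door system below is an added example, not code from the original post or from any real bank; every line of it is “open source”, yet a card is only valid if its authentication code was computed with the deployment’s secret key, and a PIN only works if it was registered into the deployment’s private PIN store. Class and function names, the key size and the PBKDF2 iteration count are illustrative assumptions.

```python
"""
Added example (not from the original post): a toy 'bank keycard + PIN' door check
written as fully public code. Security rests only on per-deployment secrets (the
HMAC key and the PIN database), which are generated at install time and never
published. All names and parameters here are illustrative assumptions.
"""
import hashlib
import hmac
import secrets


class DoorSystem:
    """Everything in this class is public; only the instance holds the secrets."""

    PBKDF2_ITERATIONS = 200_000  # assumed work factor for PIN hashing

    def __init__(self) -> None:
        # Per-deployment secret: generated by the bank, never part of the source.
        self._card_key = secrets.token_bytes(32)
        # PIN store: card_id -> (salt, pbkdf2 hash). Registering requires existing access.
        self._pins: dict[str, tuple[bytes, bytes]] = {}

    # --- issuing: done by the bank, which has the secrets ---
    def issue_card(self, card_id: str, pin: str) -> str:
        """Return the data encoded on a card: id + MAC computed with the secret key."""
        mac = hmac.new(self._card_key, card_id.encode(), hashlib.sha256).hexdigest()
        salt = secrets.token_bytes(16)
        pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, self.PBKDF2_ITERATIONS)
        self._pins[card_id] = (salt, pin_hash)
        return f"{card_id}:{mac}"

    # --- verification: the door reader ---
    def open_door(self, card_data: str, pin: str) -> bool:
        """Accept only a card MACed with our key AND a PIN matching the private store."""
        try:
            card_id, presented_mac = card_data.split(":", 1)
        except ValueError:
            return False
        expected_mac = hmac.new(self._card_key, card_id.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so timing does not reveal how many bytes matched.
        if not hmac.compare_digest(expected_mac, presented_mac):
            return False
        stored = self._pins.get(card_id)
        if stored is None:
            return False
        salt, pin_hash = stored
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, self.PBKDF2_ITERATIONS)
        return hmac.compare_digest(candidate, pin_hash)


def card_made_without_bank_key(card_id: str) -> str:
    """What reading the source alone lets someone do: run the identical code with a
    key of their own. The resulting MAC will not match one made with the bank's key."""
    some_other_key = secrets.token_bytes(32)  # any key except the real one
    mac = hmac.new(some_other_key, card_id.encode(), hashlib.sha256).hexdigest()
    return f"{card_id}:{mac}"


def demo() -> dict[str, bool]:
    """Run the four cases a reader would want to see; constructed sample values."""
    bank = DoorSystem()
    real_card = bank.issue_card("emp-0042", "4711")
    return {
        "legit card, right pin": bank.open_door(real_card, "4711"),
        "legit card, wrong pin": bank.open_door(real_card, "0000"),
        "card made without key": bank.open_door(card_made_without_bank_key("emp-0042"), "4711"),
        "unregistered card id": bank.open_door("emp-9999:" + "0" * 64, "4711"),
    }


if __name__ == "__main__":
    for case, opened in demo().items():
        print(f"{case:24s} -> {'OPEN' if opened else 'DENIED'}")
```

Running it opens the door only for the legitimately issued card with its registered PIN; the card built from the same public code but a different key is denied at the MAC check, before the PIN is even consulted. That is the whole point of the answer: the published code tells you how the door decides, not what it takes to satisfy it.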
