Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!
Depending on what your thresholds are, all software where the executable files are accessible and readable could be considered to be open source. People who have sufficient resources and/or experience can read the executable files (i.e. machine-readable source code) and reverse engineer them into human-readable source code to understand how a program works. Or, more likely (because it’s a smaller surface to look at), they’ll reverse-engineer security patches/updates to understand what the patches fix, and try to work out how to exploit the things the patches are trying to fix in unpatched systems. And once that knowledge is discovered by one person, it can be easily replicated and sent round the world.
Where human-readable source code is made freely available by the developers, the resources required to understand how a program works are substantially reduced, so the number of people who can look at that code and suggest changes is substantially increased. That’s the hope of free and open source software – by allowing anyone to essentially have the same information that program developers have, enough people will want to improve the software that it is a net benefit to the users of the software.