How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?


Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!


44 Answers

Anonymous 0 Comments

There are different kinds of security. Using the bank analogy, banks have a vault.

They want everyone to know how thick the walls of the vault are and what kind of steel it’s made from. Knowing this doesn’t make it easier to steal from the bank. If anyone was able to cut into a vault, every bank would know immediately and would probably change their vaults.

Some vaults have combination locks. If anyone finds out the combination, then it doesn’t matter how thick the walls are, that vault is useless, and nobody will know.

Other vaults have key locks or time locks. Knowing that the vault has a key lock or a time lock doesn’t help you open it.

Open source software is like telling everyone how thick the walls of your vault are and using keys or time locks that can’t be opened with a secret. It also promotes a community of people who all care about keeping vaults safe and who can share best practices without helping criminals.

Just publishing your code doesn’t make it safe. Having a community of smart people working with it and improving it does. The Linux kernel that is running most of the internet is possibly the most inspected code in the world. You don’t have to understand it all yourself for it to be safe, because others who have more to lose from a breach than you do are doing that.
