How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?

Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!

44 Answers

Anonymous 0 Comments

The answer is that it does, and it doesn’t.

For popular projects, you can have thousands of people looking at the code, with big companies like Google, Microsoft, Amazon, etc. even contributing code and fixes, and that makes it pretty safe because there’s a lot of oversight over what goes on.

However there are other projects that are popular, but that don’t have as much attention, so it’s easier for a vulnerability to go unnoticed.

Then there are other projects that were hugely popular, but that now nobody really looks at, where it is very easy to slip in a vulnerability, and all the users that upgrade or whatever now have that vulnerability.

So basically, open source is “safer” proportionally to how many eyes are on it.
