Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!
In theory, open-source should be safer because many people can look at the code and see problems and maybe fix them.
In reality, both open- and closed-source projects could have good or bad situations. A project could have a single developer, no tests, and many problems lurking in the code. Or a project could have a lot of devs, good practices, testing, a QA department, etc.
A corp may have the resources to pay for good devs and good testing and good QA and fast bug-fixing etc.
Long-standing bugs have been found in open-source software that was heavily used:
https://www.theregister.com/2021/01/26/qualys_sudo_bug/ (10 years)
https://www.theregister.com/2021/06/11/linux_polkit_package_patched/ (7 years)
https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html (8 years)