How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?

Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!

44 Answers

Anonymous

It’s only vulnerable if there are actually flaws in the security! In your example, imagine a bank so secure that they publish their security system so that thousands of people can learn from it and improve it for other banks. They don’t include any of the passcodes, just the prize-winning design of the system, which is considered undefeatable without passcodes and biometrics. Thousands of bank security experts, after all, have found no way in after years of actively looking!

As to the second point: you can’t just upload code; it has to be approved by someone the project trusts.

Edit: A good starting point for more, and quite approachable, is Eric S. Raymond’s _The Cathedral and the Bazaar_, which is summarized quite effectively on its Wikipedia page.
