How are open source programs safe? Doesn’t open source make it easy for hackers to find vulnerabilities or contribute malicious code?


Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!


44 Answers

Anonymous

Make it easy for hackers to find vulnerabilities: yes, but we accept this trade-off because we have a ton of people who find vulnerabilities and then propose fixes.

Contribute malicious code: not really, since code contributions are reviewed by a trusted circle.

At the end of the day, kind of yes to both counts, so that is why (1) open source is not used for particularly sensitive applications or (2) the open source code is some very widely scrutinized stuff that we feel good about.

For example, if you open source a very good algorithm to compute the matrix determinant and someone else runs it somewhere, there’s no vector of attack being introduced anywhere.
