Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!
In addition to the other answers, it’s also worth mentioning a bit about how computer security works.
Open source projects don’t publish the lock and the key, so to speak. It’s more like publishing a process for creating secure locks, but the user has to provide the key. And these lock-making processes are designed to be secure even if you know the process.
(This applies to all programs, really, not just open source. You should never have “keys” in your source code, only the locks.)
So reading the source code (in theory) doesn’t make it any easier to hack the program, because hackers don’t have the key, and the lock-making method has (hopefully) been checked by lots of different people to ensure it’s secure.
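The lock-and-key split described in the answer above, as an added example that is not part of the original post: the signing code (the "lock") is fully readable, while the key is supplied at run time and never appears in the file. The variable name `APP_SIGNING_KEY` and the sample messages are assumptions made up for this illustration.

```python
import hashlib
import hmac
import os
import secrets

KEY_ENV_VAR = "APP_SIGNING_KEY"  # hypothetical name, an assumption for this example


def load_key() -> bytes:
    """Fetch the secret key from the environment, never from the source file."""
    hex_key = os.environ.get(KEY_ENV_VAR)
    if hex_key is None:
        # Demo fallback only: a fresh random key per run, so no secret lives in this file.
        return secrets.token_bytes(32)
    key = bytes.fromhex(hex_key)
    if len(key) < 32:
        raise ValueError("signing key must be at least 32 bytes")
    return key


def sign(message: bytes, key: bytes) -> str:
    """The 'lock': HMAC-SHA256, a fully public algorithm."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(message: bytes, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(sign(message, key), tag)


def demo() -> dict:
    server_key = load_key()
    message = b"user=alice;role=user"  # constructed sample input
    tag = sign(message, server_key)
    # Someone who has read every line above but lacks the key can only guess one.
    guessed_key = secrets.token_bytes(32)
    forged = b"user=alice;role=admin"
    forged_tag = sign(forged, guessed_key)

    return {
        "genuine_accepted": verify(message, tag, server_key),
        "forgery_accepted": verify(forged, forged_tag, server_key),
        "tampered_accepted": verify(forged, tag, server_key),
    }


if __name__ == "__main__":
    print(demo())
```

If the key were written into the file as a literal, publishing the source would publish the key too, which is the "keys in your source code" case the answer warns against.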