Perhaps I need a better understanding of what open source means, but how can a program that is openly publishing its code not be super vulnerable to cyber security threats? That’s like a bank publishing exactly how all its security works, right? Obviously I’m missing something here, so ELI5!
The basic idea is that of many eyes looking at the code.
Making sure a program is secure is quite hard and takes a lot of time. In open source the argument is usually that (at least for popular programs) if everyone can easily look for security issues, they will also be found by honest people who report them to the devs (because most people are not actively malicious). In closed source, only the people the company pays to look at it can look at it in an easy way. Everyone else has to work from the binaries, which is way harder. So this is more likely to be something done by people who stand to gain something, i.e. malicious people.
In practice this argument doesn’t necessarily quite work out to make open more secure than closed, but it is good enough that it’s not worse.