How is open source software secure?


I’m all for open source software so it can be understood, developed, and used by more people than if it was proprietary. However, I don’t get how it can be secure if malicious actors have access to the source code and the entire software package to practice their attacks against?


18 Answers

Anonymous

If a piece of Open Source Software is actually widely used enough to be worth attacking, then odds are it’s a big enough project to have a lot of eyes on it. There are likely more eyes looking for and securing those holes than there are bad actors who are looking for them and abusing them.

Ultimately the biggest attack vector is people slipping in contributions with intentional vulnerabilities. This is a thing that *has* happened. However, that is something that also exists in closed source software. For example, in 2020, SolarWinds’ Orion platform was hacked and used to exploit the systems it was deployed on. This is closed source software, and it involved someone getting a job there and getting to a position to introduce the exploit.
