When you say “unsafe” do you mean more than just cheaters? like a “personal data being leaked” kind of thing?

Nothing immediately. If the security of CSGO was based around concealing the source code, it was probably already being exploited anyway.

The source code being available means that everyone can see how the server operates. Which means people can see directly what vulnerabilities there may be rather than just guessing. It makes a hackers job easier, basically.

The flip side of this is that having your code open sourced means that lots of good programmers and security experts can audit the code and recommend changes to the publisher.

It’s a double-edged sword basically.

The source code is like blueprints. If a gang of smart bank robbers got their hands on the blueprints of a bank, they can identify weak spots and hidden passages to break in and steal all the money.

What people are mainly afraid of, to my knowledge, is hackers using Remote Code Execution to screw with your computer. With the source code being leaked, people can see the vulnerabilities that they can exploit and write programs that let them run their own scripts that can force the game to execute code on other people’s computers. This opens up a lot of possibilities for using the game’s servers to do unsavory things to other people, from crashing their game to infecting their computer with malware to deleting their files. Crazy stuff, though a lot of this comes from my pre-existing knowledge of RCE from Heartbleed (a similar bug in OpenSSL from 6 years ago that largely worked the same way, using a vulnerability in the software to execute code remotely on people’s computers).

Looking at the source code makes it much faster to understand exactly how the program works. This includes bugs in both the client **and** the server that can allow for arbitrary code execution and thus malware.

Now that it’s many times easier to understand the code for them, people can find a bug that sends bad data to a server and take it over. Then they can find a bug in the client that lets a taken-over server send bad data to the client and run malware on the player’s computer.

Think of it like giving a floor plan/map of your house to a robber. They wouldn’t have to guess how to break in and where to look for valuables.

**roborocko**’s analogy of breaking into a house is quite a good one.

Basically, (1) even really good designers and coders never produce perfect code, and (2) testing never finds all the bugs. The more people who get a chance to genuinely examine code, the more likely it is that someone will spot the quirky, possibly obscure things that are inevitably wrong with it – which is why Open Source is such a useful model. Conversely, the fewer people that look at it, the more things are likely to go unnoticed. (The very worst case – and I’m not suggesting that this is true for this software, because I have no particular knowledge of it – is someone trying to test their own code – because they inevitably won’t, deliberately at least, test for things they didn’t think of when they were developing it.)

Proprietary code is likely to have been looked at, at most, by a very small number of people. There almost certainly WILL be things in there that the designer(s) didn’t think of, or plain got wrong, that could be used by someone malicious to exploit it. Simple as that. That’s vaguely OK as long as no-one knows how it works – “security through obscurity” – but it’s ultimately not a rugged model for genuine security. And once the code is leaked – you have problems. People are free to look for ways to get it to do things it shouldn’t. Bascially, **roborocko**’s robber, if they look carefully, has not only your house plans but also the make, model and security code of your safe, a list of what’s in it, and a copy of your diary telling them when it’s safe to break in.