Open source software presumably doesn’t have any secrets. Anyone is free to review it to find out precisely what it does. Now, that doesn’t mean it’s impossible for bad stuff to be embedded in it. Sometimes that happens and it goes uncaught because nobody actually looked closely. Sometimes that happens and it goes uncaught because it was hidden really sneakily in code that looks like it’s doing one thing, but as a side-effect does something else.
But unless you’re going to actually audit something yourself, you’re always trusting other people. You have to ask yourself whom you trust: a community of random strangers who work on a project in the open, or a [likely] commercial entity with stated goals (which may or may not match their *actual* goals) and software that they promise does what they say and doesn’t do other stuff.
Sometimes I choose one, sometimes I choose the other. There’s not a straightforward answer that applies to all cases IMO.