How does Opensource change how Security work?
There are some people who won't touch anything to do with open source projects, as they feel it might have issues with security. What does open source actually do for security, or how does it change how security works?
In my opinion it makes a project even more secure. Many eyes are able to inspect the code and review it for known and unknown vulnerabilities. It is a cat-and-mouse game anyway; you might as well broadcast all the flaws in the hope of people catching them and helping to fix them.
@PrecisePangolin Thanks, this explains it really well.
I think the argument is usually
But that's not really how it works, because it doesn't cost anything to try an exploit. People generally aren't going to look through the code to try and spot a weakness when they can just run an automated thing to attempt common vulnerabilities. Open source or closed source, bad code will fail the same.
I see it as a lock. With open source, you know how the internal mechanism is supposed to work and you can judge how secure it is. With closed source, someone says "trust me" and doesn't show you how the inside works. It could just be "if something metal is inserted, unlock the system."
Ultimately the best thing is to look for open source software that's been audited. If no one has checked the FOSS code, then you don't actually know it's safe. Once that's happened, best of both worlds.
One other concern might be "if it's open source, then everyone can see my password!"
Which is just... wrong