How safe is open source?

Here’s a study: https://www.zdnet.com/article/open-source-software-security-vulnerabilities-exist-for-over-four-years-before-detection-study

2 Likes

According to GitHub’s annual State of the Octoverse report

So allow me to translate:

According to Microsoft…

Nobody should give a flying :poop: what M$ thinks about open-source, except that they’re trying to subvert it for later destruction.

Never tired of saying: F**K Microsoft!

9 Likes

Yeh, not like Closed Source is better; from 2019: https://www.techradar.com/news/windows-7-and-xp-are-vulnerable-to-a-major-security-exploit-so-patch-now

1 Like

The reality is that open-source software is no more or less vulnerable to security exploits than closed source software.

7 Likes

Welcome aboard!

1 Like

Welcome :enos:

  1. Completely eliminates government / corporation backdoors in given software, if it’s audited properly by many experts - it will get blasted immediately with solid proof, if the source is open.

  2. It’s not that FOSS is immune to bugs / security problems, nobody advocates that, but if they get found - they will most likely be:

    • Found faster, since more people all over the world can potentially look at it
    • Fixed faster, since even if you have the best security team, who all act in good faith (let’s face it…extremely rare), in a closed-source product - it’s highly unlikely they’ll be better / faster in isolation than all the rest of the World…

  3. Obviously software needs to be actually good / debloated to be secure :laughing:
    OpenSSL is a good example of crap by design, in my opinion, compared to something minimal like LibreSSL.

2 Likes

The biggest security flaw in any OS is the operator of the computer. If you don’t do regular maintenance, and keep the OS updated, you are bound to have security holes. With Open Source, you have the option to find those security holes and report them to those who look after that code - or you can fix it yourself and pass the patch on to the attention of those concerned. I’ll bet that you can’t say the same thing about products from the other two major OSes.

I would much rather have Open Source than Closed Source programs and operating systems any day.

2 Likes