Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Is open source software more secure or less secure ?
Message
<blockquote data-quote="ncage" data-source="post: 935493" data-attributes="member: 62363"><p>As a developer i would say neither but i think is better if its open source that closed source. Security by obscurity doesn't help either (closed source). The pro of open source is that of course people can review the source code for issues. The con is bad people (or state actors) can review the code for issues. Once a major flaw is found there is a market to sell these flaws (usually the highest bidder are bad guys). There have been major flaws in open source software that have been there for years and never found (openssl recently (heartbleed)). Being a developer myself i'm not going to be looking for security vulnerabilities in openssl. Its extremely complicated code beyond what i traditionally & most developers deal with. Looking though the openssl source code is no fun. There are very few people who would have interest in looking at the code unless they were being paid for a code audit. There are other ways to find security issues with code that don't require access to the source code (pen / fuzz testing). How many times in the past did people find ways to jailbreak ios? Well those are bugs in the source code that people find around the security checks in IOS and they didn't have access to the source code. So from a security aspect i think code being open source is a good thing but there is no silver bullet.</p></blockquote><p></p>
[QUOTE="ncage, post: 935493, member: 62363"] As a developer i would say neither but i think is better if its open source that closed source. Security by obscurity doesn't help either (closed source). The pro of open source is that of course people can review the source code for issues. The con is bad people (or state actors) can review the code for issues. Once a major flaw is found there is a market to sell these flaws (usually the highest bidder are bad guys). There have been major flaws in open source software that have been there for years and never found (openssl recently (heartbleed)). Being a developer myself i'm not going to be looking for security vulnerabilities in openssl. Its extremely complicated code beyond what i traditionally & most developers deal with. Looking though the openssl source code is no fun. There are very few people who would have interest in looking at the code unless they were being paid for a code audit. There are other ways to find security issues with code that don't require access to the source code (pen / fuzz testing). How many times in the past did people find ways to jailbreak ios? Well those are bugs in the source code that people find around the security checks in IOS and they didn't have access to the source code. So from a security aspect i think code being open source is a good thing but there is no silver bullet. [/QUOTE]
Insert quotes…
Verification
Post reply
Top