this post was submitted on 19 Sep 2023
60 points (89.5% liked)
Technology
Some software is absolutely more secure for being open source. There’s a reason why popular cryptographic libraries tend to be open, even those used in military applications.
If the security of your software component relies on an attacker not having access to your source, then your component is only secure until someone reverse engineers it and figures out how it works, at which point it is entirely compromised on all systems it’s deployed to.
So you need something else to provide security besides obscuring how the software works. In cryptography, that comes from a large, highly random encryption key. The reason that your online bank transactions are safe from an attacker snooping on your network is because, even having the full source code to the crypto libraries, it would take a computer longer than the age of the universe to guess the encryption key through brute force.
The benefit of open source is that it gets a lot more eyes on the code to find flaws and vulnerabilities - and to verify that the software does what the vendor claims, which is very much not always a given.