959
The Problem with Linus Tech Tips: Accuracy, Ethics, & Responsibility
(www.youtube.com)
~~⚠️ De-clickbait-ify the youtube titles or your post will be removed!~~
~~Floatplane titles are perfectly fine.~~
~~LTT/LMG community. Brought to you by ******... Actually, no, not this time. This time it's brought to you by Lemmy, the open communities and free and open source software!~~
~~If you post videos from Youtube/LTT, please please un-clickbait the titles. (You can use the title from https://nitter.net/LTTtranslator/ but it doesn't seem to have been updated in quite some while...)~~
That's what I hate about the open source crowd's "everyone can check the source code" argument! How many users actually do that? It must be pretty fucking close to 0%! A dev with malicious intent could easily introduce shit in an update that no one would notice for an extended period of time if ever!
https://www.veracode.com/security/dangers-open-source-risk
expired
It's still a decent argument. While many/most may not be able to read it and understand it it is still better to have some (outside the project) that can look at the code and check it independently.
It certainly depends on the project and how much it is used. A library someone threw together on an afternoon will unlike a bigger project like NGINX, have little to no external eyes on it.
Though it's not just about reading it. Open source projects (depending on their size) can usually react faster when a bug or problem is found within it.
The same can be said with closed source applications. A dev or the entire company (if they where to go down such a path) could also easily introduce something nasty. In that case there would be no way at all to confirm that anything bad or upright malicious was introduced (unless it gets so bad that it would trigger an Anti-Virus or is easily noticeable).
Is Open Source alone making software more secure (or prevent malicious actions)?
No. But it can be a sizable improvement. Just like security through obscurity^1^^/^^2^ (when given as an isolated argument) is not making software more secure (dare I say it decreases its security; when used in isolation).