I support free and open source software (FOSS) like VLC, Qbittorrent, Libre Office, Gimp…

But why do people say that it’s as secure or more secure than closed source software? From what I understand, closed source software don’t disclose their code.

If you want to see the source code of Photoshop, you actually need to work for Adobe. Otherwise, you need to be some kind of freaking retro-engineering expert.

But open source has their code available to the entire world on Github or Gitlab.

Isn’t that actually also helping hackers?

  • emb@lemmy.world
    20·
    24 hours ago

    The idea you’re getting at is ‘security by obscurity’, which in general is not well regarded. Having secret code does not imply you have secure code.

    But I think you’re right on a broader level, that people get too comfortable assuming that something is open source, therefore it’s safe.

    In theory you can go look at the code for the foss you use. In practice, most of us assume someone has, and we just click download or tell the package manager to install. The old adage is “With enough eyes, all bugs are shallow”. And I think that probably holds, but the problem is many of the eyes aren’t looking at anything. Having the right to view the source code doesn’t imply enough people are, or even meaningfully can. (And I’m as guilty of being lax and incapable as anyone, not looking down my nose here.)

    In practice, when security flaws are found in oss, word travels pretty fast. But I’m sure more are out there than we realize.

    • towerful@programming.dev
      9·
      24 hours ago

      It’s also easier to share vulnerability fixes between different projects.

      “Y” was using a similar memory management as “T”, T was hacked due to whatever, people that use Y and T report to Y that a similar vulnerability might be exploitable

      Edit:
      In closed source, this might happen if both projects are under the same company.
      But users will never have the ability to tell Y that T was hacked in a way that might affect Y