@a1batross I think it’s funny how everyone says everything’s safe because it’s open source. No one’s even checking this complicated source code to see if it’s blatantly collecting data, much less looking for security holes.
Open source has been drummed into everyone’s heads as safer because it’s open and people try to break into it to discover holes all the time. Then, everyone assumes human nature is good, every Linux user is a white hat hacker, and they all immediately report security flaws instead of exploiting them.
That’s a level of trust in strangers that can get you hurt.
> Closed source is better because businesses have security teams checking for holes
As someone who worked in security teams for dozens of software companies of 20+ years, I can only respond with:
No, they don't.
Security is considered a non-functional requirement (NFR) and as such enjoys little attention from business stakeholders.
Deeply frustrating, and there are exceptions, but this is the predominant attitude in business.