@a1batross I think it’s funny how everyone says everything’s safe because it’s open source. No one’s even checking this complicated source code to see if it’s blatantly collecting data, much less looking for security holes.

Open source has been drummed into everyone’s heads as safer because it’s open and people try to break into it to discover holes all the time. Then, everyone assumes human nature is good, every Linux user is a white hat hacker, and they all immediately report security flaws instead of exploiting them.

That’s a level of trust in strangers that can get you hurt.

@epic please go away.

I'm not gonna explain why having even a theoretical possibility to read code is better than having zero chance.

@a1batross You don’t have to. Closed source is better because businesses have security teams checking for holes and fixing them when they’re reported.

Open source is better because everyone can see the original source without complicated decompilation of obfuscated machine code and report bugs or security holes.

That wasn’t very hard to describe, was it?

Open source works for Linux and large projects. Who’s checking the source code for all these utilities or programs everyone (including me) downloads from every Tom, Dick, and Harry who figures out how to write a utility? No one unless it exhibits bad behavior. Then more utilities are built on those and more on those.

@epic @a1batross

I literally faced a customer who told me they won't fix a SQL injection I found in their code because, wait for it:

- No customer asked for it.

My line of argument was that customers generally tend to assume kind of by default that the software will not randomly spray their most sensitive data on public web pages...

But the business wasn't convinced.
