So with open source software more on my mind lately I was wondering - while I get the benefits of transparency and such, how safe is it? If the source code is available to all, isn’t it easier to breach for people (like the recent cookies hack)? If I’d have an open source password manager, would it be easier for people to get my passwords somehow than if I use something not open source? Do I just not understand how software works in general?

And what are other benefits that may be not so obvious to someone not so knowledgable about this?

Edit: thank you all for really insightful answers! Among other things I also learned just how much I don’t know :)

  • Riven@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    41
    ·
    1 year ago

    Open source is generally considered to be more secure because the large number of eyes on it are expected to catch the vulnerabilities. That’s the idea anyway.

    I get where you’re coming from though. If anyone can see how it works it must be easier to break into right? But if something is only secure because you don’t know how it works, then it isn’t really secure at all.

    • SimplePhysics@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      1 year ago

      Right. The amount people with good intentions looking for vulnerabilities in open source software far outnumbers the amount of malicious actors looking for vulnerabilities. Chances are great that, by the time malicious actors find a vulnerability, someone with good intentions is working on a patch already.

    • blackbelt352@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      But if something is only secure because you don’t know how it works, then it isn’t really secure at all.

      For an IRL equivalence, just watch any Lock Picking Lawyer video featuring any Master lock. If watching how easily defeated those locks are plummets your confidence in those locks, well it’s the same idea with digital security.

    • SimplePhysics@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Right. The amount people with good intentions looking for vulnerabilities in open source software far outnumbers the amount of malicious actors looking for vulnerabilities.