21
How do you vet open source software if you don't know code well? (slrpnk.net)
submitted 3 days ago by reallykindasorta@slrpnk.net to c/asklemmy@lemmy.ml
15 comments fedilink hide all child comments

There are oodles of neat and singular programs on github and similar. Curious what steps people take to vet for malware before downloading and trying stuff, especially if you’re not very familiar with the coding language it’s written in.

you are viewing a single comment's thread
view the rest of the comments
[-] jerkface@lemmy.ca 6 points 3 days ago* (last edited 3 days ago)

If you are a corporation staking thousands or millions of dollars on some code, you hire someone to audit it. If you are a dude playing with apps on your phone, you accept the risk of ingorance.

[-] BCsven@lemmy.ca 7 points 3 days ago

In theory yes. But as an insider to a company that sells proprietary software...also no. LOL.

They build a lot of their stuff on top of opensource code. There has been the exact same exploits as open source projects, and even a few malware intrusions from either some devs deliberate sabotage or infected machine. Not every giant corporation is checking in depth like you assume they should be, they go on trust to save shareholder profits and if they do an external audit and its a zero day nobody* is catching it.

*there was that one a while back in an unrelated project where the only reason it was caught was a dev nerd noticed the very slight delay in network response compared to previous version. So caught by human feels wrong and not a diff of git

[-] jerkface@lemmy.ca 2 points 3 days ago

The question being answered was not, "What are the common practices for...?"

this post was submitted on 17 Jan 2026
21 points (95.7% liked)

Asklemmy

52218 readers
533 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 6 years ago
MODERATORS
Cloak@lemmy.ml
14specks@lemmy.ml
mekhos@lemmy.ml
tmpod@lemmy.pt