this post was submitted on 02 Nov 2023
Open Source
@PrecisePangolin Thanks, this explains it really well.
I think the argument is usually
But I think that's not really how it works because it doesn't cost anything to try an exploit. People generally aren't going to look through the code to try and spot a weakness when they can just run an automated thing to attempt common vulnerabilities. Open source, closed source, bad code will fail the same.
I see it as a lock. With open source, you know how the internal mechanism is supposed to work and you can judge how secure it is. With closed source, someone says "trust me" and doesn't show you how the inside works. It could just be an "if something metal is inserted, unlock the system".
Ultimately the best thing is to look for open source software that's been audited. If no one has checked the FOSS code, then you don't actually know it's safe. Once that's happened, best of both worlds.
One other concern might be "if it's open source, then everyone can see my password!"
Which is just... wrong
Oh and in practice, companies might pick a closed source paid product over a free and open source one.
But it's not the product, it's the legal/financial agreements. Companies like to externalize the risk instead of taking it on themselves. They like being able to sue someone if things go wrong.
The other company might be running the FOSS software too. They're taking on the responsibility.
Oh and finally, a lot of open source products and protocols are used by closed source companies.
ex. Signal protocol is used by Facebook for some things