this post was submitted on 14 Aug 2023
905 points (96.3% liked)
Linus Tech Tips
3823 readers
It's still a decent argument. While many/most may not be able to read and understand it, it is still better to have some people (outside the project) who can look at the code and check it independently.
It certainly depends on the project and how much it is used. A library someone threw together in an afternoon will, unlike a bigger project like NGINX, have little to no external eyes on it.
Though it's not just about reading it. Open source projects (depending on their size) can usually react faster when a bug or problem is found within it.
The same can be said of closed source applications. A dev or the entire company (if they were to go down such a path) could also easily introduce something nasty. In that case there would be no way at all to confirm that anything bad or outright malicious was introduced (unless it gets so bad that it would trigger an anti-virus or is easily noticeable).
Is Open Source alone making software more secure (or prevent malicious actions)?
No. But it can be a sizable improvement. Just like security through obscurity^1/2^ (when given as an isolated argument) does not make software more secure (dare I say it decreases its security when used in isolation).