Not discrediting Open Source Software, but nothing is 100% safe.

  • Dr. Jenkem@lemmy.blugatch.tube
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    A lot of bad takes in here.

    Here are a few things that apparently need to be stated:

    • Any code that is distributed can be audited, closed or open source.
    • It is easier to audit open source code because, well, you have the source code.
    • Closed source software can still be audited using reverse engineering techniques such as static analysis (reading the disassembly) or dynamic analysis (using a debugger to walk through the assembly at runtime) or both.
    • Examples of vulnerabilities published by independent researchers demonstrates 2 things: people are auditing open source software for security issues and people are in fact auditing closed source software for security issues
    • Vulnerabilities published by independent researchers doesn’t demonstrate any of the wild claims many of you think they do.
    • No software of a reasonable size is 100% secure. Closed or open doesn’t matter.
    • stappern@lemmy.one
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Ah yes let’s audit through reverse engineering. The same thing huh? xD