This is a double edged sword.. since the source is open, anyone can determine vulnerabilities just by peeking into the code..
But on the other hand, since anyone can determine these vulnerabilities, they can be detected and patched by anyone. The more people who are working on the code, the more people can tidy it up and make it secure.
i wud say yes, coz i think that the amount of testing that might go into it mayb less
Yes and No. It depends on the open source program in question.
The code is open for aopen source software programsny to see, which means that all of the software's weaknesses are right there in front of you, if you look for them. You don't have to 'stumble upon' a security weakness, you just have to look around in the code for them. This is opposed to closed-source, whose weaknesses are hidden, but no less susceptible to people accidentally finding them.
But because of this, if there is a community that supports the software, those security problems will be found, and fixed. A large community of coders and supportersopen source software programs is what gives open-source the edge when it comes to security.
For example, look at Microsoft Windows (closed source) and almost any offshoot of Linux, called Distributions (most are open source). An out-of-the-box Windows installation connected openly to the internet can be compromised very easily, and most people rely on third-party anti-virus and firewall software. In contrast, an out-of-the-box Linux installation is much more secure and does not need third-party software to make it so.
No comments:
Post a Comment