Open Source is an interesting alternative, which adds the possibility of collaboration and customization in the development of the software, it allows developers to use the code or part of it for their own projects, this naturally offers many advantages. Now, many times I read several clearly wrong opinions about it. OpenSource is more secure and more private than closed source, which is completely false, it is not, it is not the first time that I have discovered Trojans and other malware in OpenSource. It is true that a developer can review the code, although this is not always easy in very complex software with up to millions of lines of code, many also pointing to external scripts, which also require revision. For this reason, many developers do not do it, limiting themselves to changing certain codes to adapt it to their needs or to create their own product. For this reason, security and privacy always depends on the activity of the creator / creators and the corresponding community, if any, to detect possible infiltrations by hackers, who also have access to the code of this software. The normal user, without great knowledge, has no possibility of verification, far from passing the product through VirusTotal or the AV that he uses. You must trust the product’s TOS and PP, in many cases not much better for privacy than other proprietary products. Of course, the free argument is also false, not all OSS is free, it can even have high costs. For this reason, I think that, to maintain the freedom and the great advantages that the OpenSource movement has, to put an end to these mistaken opinions and to make users aware of the real value that this movement has, so as not to lead them to a field of disappointment.

Preferably use OpenSource, but like any other software, avoid blind trust and check the application before using it and above all, importantly, always read the TOS and PP of the product, this avoids many annoyances. Avoid products whithout updates for a long time, which shows a lack of attention on the part of the developer.

  • pinknoise
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 years ago

    because they need the same security measures befor to use them as other soft

    No they don’t. With open source software I can just read the source code and use the transparently implemented isolation features of most open source operating systems to minimize potential damage. Closed source software I’d have to meticulously reverse engineer to be sure it does what I want and there is no easy way to do this differentially on updates. Some vendors are even impertinent enough to forbid you from reverse engineering the software they provide. Also if I find a vulnerability in an open source software I can just talk to the developers and they usually try to fix it asap, especially in widely deployed projects. And if they don’t I can just apply and publish my own patches or ask the community to do so. With commercial entities security and bug-fixing are just seen as cost factors. Even in supposedly high security fields I have seen software that was engineered to barely meet the compliance requirements for profit optimisation. (Although hanlon’s razor could apply here, I never met the developers lol)

    • ZerushOP
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      You are developer which can read and prove millon of lines of a simple browser engine? I can’t “just read” it, its a work of a big team if they want to do this. What you say is only valid in small FOSS apps, but not more. On other hand, who do this in a software, only with sporadic maintenance and small community? Most user even don’t read the TOS and PP of an software, less they do this wis the source code. Again, the security and privacy of FOSS depends only of the will and proposit of the developers an the community and in the ability to quickly discover malicious codes leaked in this code, open also for hackers to find security holes. This is valid for all soft, not only for FOSS. Disatended FOSS is a magnet for any kind of malware, I know because of bad experience.

      • pinknoise
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        3 years ago

        What you say is only valid in small FOSS apps, but not more.

        If you want to use bloatware thats your problem.

        who do this in a software, only with sporadic maintenance and small community?

        The maintainers and users, exactly as with bigger projects.

        Most user even don’t read the TOS and PP of an software, less they do this wis the source code.

        So if the majority does it it’s suddenly ok? Computing should be about empowering users not about making them slaves to the software.

        the security and privacy of FOSS depends only of the will and proposit of the developers an the community […]. This is valid for all soft, not only for FOSS.

        But with closed source software the will of the developers is obviously absent and the “community” can only do so much. Especially if they don’t want a lawsuit for violating EULAs. Also the “community” can’t just do their own thing if the developer has a bad attitude, especially once they are in the lock-in trap.

      • pinknoise
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        3 years ago

        How does that contradict anything I wrote? This could’ve easily been spotted if someone just read the source code. (And it was, because someone did, although automatically) If it was a closed source DLL this wouldn’t have been found that easily.