Why is open source software assumed to be secure?

Davriellelouna@lemmy.world · edit-2 2 days ago

Why is open source software assumed to be secure?

fmstrat@lemmy.nowsci.com · 17 hours ago

Others have mentioned this, but to make sure all context is clear:

FOSS software is not inherently more secure.
New FOSS software is probably as secure as any closed source software, because it likely doesn’t have many eyes on it and hasn’t been audited.
Mature FOSS software will likely have more CVEs reported against it than a closed source alternative, because there are more eyes on it.
Because of bullet 3, mature FOSS software is typically more secure than closed source, as security holes are found and patched publicly.
This does not mean a particular closed source tool is insecure, it means the community can’t prove it is secure.
I like proof, so I choose FOSS.
Most people agree, which is why most major server software is FOSS (or source available)
However that’s also because of the permissive licensing.

liquefy4931@lemmy.world · 48 minutes ago

Also keep in mind that employees of companies that release closed source software are obligated to keep secret any gaping security vulnerabilities. This obligation usually comes with heavy legal ramifications that could be considered “life ruining” for many of us. e.g. Loss of your job plus a lawsuit.

Often, none of the contributors to open source software are associated with each other and therefore have no obligation to keep discovered vulnerabilities a secret. In fact, I would assume that many contributors also actively use the software and have a personal interest in getting security vulnerabilities fixed.