Are open-source projects more or less secure than proprietary ones?

in #asksteemit · 7 years ago (edited)

I just recently posted on my blog a long list of information security job interview questions. My intentions were, and still are, to begin sharing MY answers to those questions, but before I start doing that, I am curious to hear what the community has to say about this first question.

Comment below with your thoughts on this seemingly tireless debate.


Are open-source projects more or less secure than proprietary ones?


Proprietary (closed-source) projects are generally less secure, unless a security team is hired to check for security-related bugs.

Open-source projects may have more bugs in the beginning, but they usually get ironed out sooner than in proprietary ones, because anyone can see the code and provide fixes. (Not happening in 100% of open-source software out there, but in projects like WordPress, for example, this is the case.)

I'd have to agree with this. I often hear "proprietary is better because they can hire better programmers." It makes me wanna vomit lol
I find WordPress to be a bit of an ironic example. WordPress core, definitely a great example. WordPress plugins, this could be a whole debate by itself lol.
Thanks for

Depending on your point of view, you are correct.

The core, which I meant in my comment is a very good example as you said. The same I would say for the Linux Kernel, but when you start loading plugins/modules, it's a very different story!

It depends on the program; being open source will generally allow exploits and bugs to be exposed and fixed faster.

I agree. It doesn't always mean that someone is auditing the code, but I like having the option to. Another issue is when proprietary software is built stacked on open source, and a bug is found in the open-source code. The open project seems to get updated, but the proprietary one stays vulnerable.

There is another problem with open source: it sometimes tolerates proprietary programs.
For example, Android is open source but has many proprietary features.
Free software, on the other hand, doesn't tolerate proprietary programs at all, as far as I know.

I agree with your Android statement. However, free software doesn't always mean open source. CCleaner and Malwarebytes are examples of this.
Android is an interesting use case though. I will need to do some research. Do you know if the Stagefright vulnerabilities were in the open or closed side of Android?

When I said free software I meant this.
CCleaner and Malwarebytes are freemium and freeware. Malwarebytes is proprietary software; not sure about CCleaner, but it is probably also proprietary.

As for Stagefright, I don't know, but a Wikipedia search shows this:

The underlying attack vector exploits certain integer overflow vulnerabilities in the Android core component called "Stagefright",[6][7][a] which is a complex software library implemented primarily in C++ as part of the Android Open Source Project (AOSP) and used as a backend engine for playing various multimedia formats such as MP4 files.[5][9]

Search for Replicant; it is a free version of Android. They found some Samsung vulnerability years ago, and there you can also find a list of what is actually not proprietary in Android.
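The Wikipedia excerpt above names the bug class (integer overflow in a C++ media parser) without showing what it looks like in code. The following is an added illustration written for this thread, not Stagefright's own code or anything from AOSP: a constructed, length-prefixed "box" parser in C, with the overflow-prone bounds check beside a hardened one. The box layout (4-byte big-endian size, 4-byte type), the buffer contents and the function names are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: bounds checking a length-prefixed media box.
 * Not Stagefright or AOSP code; sizes are kept at 32 bits as in a classic
 * box header so that the wrap-around is visible. */

#define BOX_HEADER_LEN 8u   /* 4-byte size + 4-byte type */

/* Read a big-endian 32-bit value (box headers are big-endian). */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Overflow-prone check: offset + size wraps around for a large size, so the
 * sum looks small and the box is accepted even though it extends far past
 * the end of the buffer. Returns 1 if the box would be accepted. */
int box_fits_unsafe(uint32_t offset, uint32_t size, uint32_t total) {
    return offset + size <= total;   /* wraps when offset + size > UINT32_MAX */
}

/* Hardened check: compare against the remaining space instead of adding,
 * and reject boxes shorter than their own header. */
int box_fits_safe(uint32_t offset, uint32_t size, uint32_t total) {
    if (offset > total) return 0;
    if (size < BOX_HEADER_LEN) return 0;
    return size <= total - offset;   /* subtraction cannot wrap here */
}

/* Walk the boxes in buf using the safe check. Returns the number of boxes
 * accepted, or -1 as soon as a malformed box is encountered. */
int walk_boxes(const uint8_t *buf, uint32_t total) {
    uint32_t offset = 0;
    int count = 0;
    while (offset < total) {
        if (total - offset < BOX_HEADER_LEN) return -1;
        uint32_t size = be32(buf + offset);
        if (!box_fits_safe(offset, size, total)) return -1;
        offset += size;   /* cannot overflow: size <= total - offset */
        count++;
    }
    return count;
}

/* Build a constructed 16-byte buffer holding two boxes and walk it.
 * With malformed = 0 the second box declares size 8 (well formed);
 * with malformed = 1 it declares 0xFFFFFFF8, whose sum with its offset 8
 * wraps to 0 in 32-bit arithmetic. Returns walk_boxes() on that buffer. */
int demo_walk(int malformed) {
    uint8_t buf[16] = {0};
    uint32_t size2 = malformed ? 0xFFFFFFF8u : 8u;
    /* box 1 at offset 0: size 8, type "ftyp" (header only) */
    buf[3] = 8;
    memcpy(buf + 4, "ftyp", 4);
    /* box 2 at offset 8: declared size size2, type "mdat" */
    buf[8]  = (uint8_t)(size2 >> 24);
    buf[9]  = (uint8_t)(size2 >> 16);
    buf[10] = (uint8_t)(size2 >> 8);
    buf[11] = (uint8_t)size2;
    memcpy(buf + 12, "mdat", 4);
    return walk_boxes(buf, (uint32_t)sizeof buf);
}

int main(void) {
    uint32_t total = 16u, offset = 8u, size = 0xFFFFFFF8u;
    printf("unsafe check accepts wrapped size: %d\n",
           box_fits_unsafe(offset, size, total));
    printf("safe check accepts wrapped size:   %d\n",
           box_fits_safe(offset, size, total));
    printf("walk of well-formed buffer:        %d\n", demo_walk(0));
    printf("walk of malformed buffer:          %d\n", demo_walk(1));
    return 0;
}
```

The safe variant never forms `offset + size`; it asks whether `size` fits in the space that remains, which cannot wrap once `offset <= total` has been established. In a fuzzing or review setting, any bounds check of the form `a + b <= limit` on parser-controlled integers is the pattern to flag.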

Ah, fair enough! It was a simple misunderstanding then. Based on the link you provided, I agree with you 100%. Free as in people, not free as in beer.
Thanks for the bit about Stagefright as well. It sounds like it was in the open component of Android. It did get patched quickly, but I'm sure there are plenty of devices that are still vulnerable.

