How safe is open source software? What are the general benefits? - eviltoast

So with open source software more on my mind lately I was wondering - while I get the benefits of transparency and such, how safe is it? If the source code is available to all, isn’t it easier to breach for people (like the recent cookies hack)? If I’d have an open source password manager, would it be easier for people to get my passwords somehow than if I use something not open source? Do I just not understand how software works in general?

And what are other benefits that may be not so obvious to someone not so knowledgable about this?

Edit: thank you all for really insightful answers! Among other things I also learned just how much I don’t know :)

  • Arotrios@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    There are good comments here already, but I thought I’d provide a practical breakdown of my experience using both in web development.

    Open source software is generally better overall from a programming perspective. The “many eyes” dynamic can be extremely positive if the project has a strong developer community. Even smaller communities make great software.

    On a security level, I’d say they’re about on par - I’ve had about as many security issues with open source as I have with closed. It was what to do when that security problem arose that the real difference came into play. In open source, you either have to figure it out yourself, or wait for the community to fix it. In closed source, you’re paying someone to fix it for you. On the balance, closed source security issues get fixed faster than open source in my experience, but it really depends on the strength of the community behind the open source project, versus the size of the closed source company - bigger companies move a lot slower than many of the smaller services I’ve used.

    On a software evolution level, open source wipes the floor with closed source. There’s simply no competing with the amount of creative minds behind open source development. Most closed source successes in the online world are built on the backs of open source developers - if not directly, than on the ideas that had their genesis in the open source space.

    When it comes to consistency and stability, they’re about neck and neck, with a slight advantage to closed source. Again, it’s the difference between volunteers maintaining the code and someone you’re paying.

    On a personal level, how much do you want to be involved with running the software? If you want to have a greater level of control, build new features, and have the time to maintain it, go open source. If you just want it to work and you’re willing to pay someone else to maintain it, go closed source.

    Note in a corporate setting, it’s often better to go with closed source, as then you have more plausible deniability and someone else to blame when it fails.