Is FOSS really safe? - eviltoast

I’m not a programmer. I don’t understand code. How do I know if an open source application is not stealing my data or passwords? Google Play Store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can’t someone integrate their own virus just because the code is open?

  • Serinus@lemmy.world
    1 year ago

    I wouldn’t assume there are many people looking at most open source code. And even if there are, it’s not impossible to hide malicious code.

    Just because people can review it doesn’t mean they are reviewing it.

    It does introduce more risk of discovery though. Malicious code is easier to find, and there will be at least a username associated with it.

    • pjhenry1216@kbin.social
      1 year ago

      There are more people looking than there are elsewhere. And unless you’re suggesting the authors as being malicious (which can happen), most FOSS is reviewed. Especially larger ones. You can tell by the number of contributors. Smaller projects will surely be an issue, but popular ones do get reviewed, simply because many people want to be able to contribute.

      It’s almost certainly more than proprietary though. Like, all these risks still apply to proprietary.