So with open source software more on my mind lately I was wondering - while I get the benefits of transparency and such, how safe is it? If the source code is available to all, isn’t it easier to breach for people (like the recent cookies hack)? If I’d have an open source password manager, would it be easier for people to get my passwords somehow than if I use something not open source? Do I just not understand how software works in general?

And what are other benefits that may be not so obvious to someone not so knowledgable about this?

Edit: thank you all for really insightful answers! Among other things I also learned just how much I don’t know :)

  • Zeth0s@lemmy.world
    link
    fedilink
    English
    arrow-up
    68
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Short answer is no. Safety of a program is in its implementation, not in the visibility of the code.

    Most of the internet runs on opensource code, the most companies in the world that requires security rely on open source programs, while companies relying on proprietary software are victims of hackers, malwares, ransomware every second (I am not going to name names to avoid useless wars).

    That said, not all open source code is safe to use, as no all closed source software is safe to use. Bigger projects, used by many and used by experts are usually safe, most often even safer than close source counterparts.

    Smaller projects are as safe as any random software downloaded from internet, unless you are able to read the code yourself. Many are safe, many aren’t, few are malevolent.

    Be careful and research the program you are installing for security concerns.

    If you want to download big stuff like debian, fedora, blender, gimp, krita, chromium, vscode, docker, k8s (I don’t know what you are into) just be sure that you trust the source from were you download binaries. The same as for any closed source software

    • Pieisawesome@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Technically, vscode isn’t open source. It’s in the same situation of chrome vs chromium.

      Majority is the same, but Microsoft has some non-open source parts of vscode.

      Vscode repo contains “code - oss”

      • BrikoX@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        There is VSCodium that is released under MIT without the Microsoft proprietery stuff.

      • PantsOnHead@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Except Chromium can still access the Chrome extension store. The VSCode extension store is not included with the OSS version, which seriously hampers the usefulness of the app.

      • Zeth0s@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I know, but I didn’t want to add too many details to the answer. Also because the core of vscode is open source and can be read by anyone