Are open-source projects more or less secure than proprietary ones?

pwnedu (39) in asksteemit • 7 years ago (edited)

I just recently posted on my blog a long list of information security job interview questions. My intentions were, and still are, to begin sharing MY answers to those questions, but before I started doing that, I am curious to hear what the community has to say about this first question.

Comment below with your thoughts to this seemingly tireless debate.

Are open-source projects more or less secure than proprietary ones?

asksteemit programming linux security hacking

7 years ago by pwnedu (39)

$0.00

2 votes

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

dimitrisp (68) · 7 years ago

Proprietary (closed-source) projects, are generally less secure, unless a security team is hired to check for security-related bugs.

Open-source project may have more bugs in the beginning, but they usualy get ironed out sooner than in proprietary ones, because anyone can see the code and provide fixes. (not happening at 100% of open source software out there, but in projects like Wordpress for example, this is the case)

$0.00

1 vote

[-]

pwnedu (39) · 7 years ago

Id have to agree with this. I often hear "proprietary is better because they can hire better programmers." It makes me wanna vomit lol
I find WordPress to be a bit of an ironic example. Wordpress core, definitely a great example. Wordpress plugins, this could be a whole debate by itself lol.
Thanks for

$0.39

9 votes

[-]

dimitrisp (68) · 7 years ago

Depending on your point of view, you are correct.

The core, which I meant in my comment is a very good example as you said. The same I would say for the Linux Kernel, but when you start loading plugins/modules, it's a very different story!

$0.00

[-]

forexshark (13) · 7 years ago

It depends on the program, being open source will generally allow exploits and buggs to be exposed and fixed faster.

$0.00

[-]

pwnedu (39) · 7 years ago

I agree. It doesn't always mean that someone is auditing the code, but i like having the option to. Another issue is when proprietary software is built stacked on open source, and a bug is found in the opensource code. The open project seems to get updated, but the proprietary stays vulnerable.

$0.00

[-]

zeronumbers (52) · 7 years ago (edited)

There is another problem with open source it sometimes tolerates proprietary programs.
For example android is open source but has many proprietary features.
While free software doesn't tolerate proprietary programs at all as far as I know.

$0.00

[-]

pwnedu (39) · 7 years ago

I agree with your android statement. However, free software doesnt always mean open sourced. Ccleaner and malware bytes are examples of this.
Android is an interesting use case though. I will need to do some research. Do you know if the stagefright vulnerabilities were in the open or closed side of Android?

$0.35

3 votes

[-]

zeronumbers (52) · 7 years ago (edited)

When I said free software I meant this.
Ccleaner and malware bytes are freemium and freeware. Malware bytes is proprietary software, not sure about ccleaner but probably it is also proprietary.

As for stagefright I dont know but wikipedia search shows this:

The underlying attack vector exploits certain integer overflow vulnerabilities in the Android core component called "Stagefright",[6][7][a] which is a complex software library implemented primarily in C++ as part of the Android Open Source Project (AOSP) and used as a backend engine for playing various multimedia formats such as MP4 files.[5][9]

Search for replicant it is free version of android they found some samsung vulnerability years ago and also there you can find list of what is actually not proprietary in android.

$0.00

1 vote

[-]

pwnedu (39) · 7 years ago (edited)

ah, fair enough! It was a simple misunderstanding then. Based on the link you provided, I agree with you 100%. Free as in people not free as in beer.
Thanks for the bit about stagefright as well. It sounds like it was in the open component of android. It did get patched quickly, but I'm sure there plenty of devices that are still vulnerable.

$0.00

[-]

steemitboard (66) · 7 years ago

Congratulations @pwnedu! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

$0.00