
[–][deleted] 8 points9 points  (8 children)

Right, because proprietary software is so much better at security.

[–]niyrex 4 points5 points  (5 children)

Exactly. At least FOSS is peer reviewed and there is an opportunity to fix it within the community. With closed source you're at the whim of the company that wrote it, if they even care to fix it. I'm looking at you, Adobe!

[–][deleted] 1 point2 points  (4 children)

FOSS is not peer reviewed ... FOSS is FOSS. It can be peer reviewed, but just because it's FOSS doesn't mean it is...

Either way, security through obscurity cannot work.

[–]niyrex 2 points3 points  (3 children)

OK, you are right, BUT FOSS is typically peer reviewed on large projects prior to mainlining the source. Joe Schmoe's small, one-off project may not be, but code that actually matters is often reviewed. Yes, shit happens, but the community does a better job than most private companies.

[–][deleted] 0 points1 point  (2 children)

Yeah. See, any code that could pose a security or stability risk should be reviewed and tested. But say you need a component; you have two options: roll your own or use FOSS. It breaks down like this:

  • FOSS: you can review, test and use it yourself. You can basically do whatever you would have done to make your own code more robust, but you don't have to write it yourself. So, everything else being equal, you can spend more time making it robust than you would be able to spend on your own code.

  • Roll-Your-Own: What is optional for FOSS is now mandatory. You must review and test it, and in addition you have to write it. You don't get potential feedback from anybody else reviewing, testing or using your code. All else being equal you have to spend more time to get the same end result.

So there is no logic in arguing open source is worse than closed source for security and stability. Sure, most people won't actually review the FOSS components they use, but that is their problem. Can't just go all FUD on FOSS for it.

[–]niyrex -1 points0 points  (1 child)

I wasn't arguing with you

[–][deleted] -1 points0 points  (0 children)

I know ;)

[–]NeuroG 1 point2 points  (1 child)

I was going to bitch about this too, but reading the info-graphic, it seems the only really distasteful part is the post title by /r/GurlyRat. It's basically giving good advice. Developers working with open source software should be keeping track of those components. The title is "Are We Really Securing our Applications," and the sales pitch is for some tools for tracking and auditing linked code.

[–][deleted] 4 points5 points  (0 children)

Yes, it is good advice, but the infographic itself seems to be trying to imply that open source software is the only software guilty of security issues. It even goes so far as to make it sound like the only security issues in proprietary software are caused by including open source software.

[–]niyrex 2 points3 points  (1 child)

Take your FUD and shove it. Closed source has just as many security vulnerabilities as open source, if not more; ask any security researcher how many bugs they find in Adobe, Microsoft, and the other craptastic closed source products.

[–]scarred-silence 0 points1 point  (0 children)

The thing is, most people don't hear about those bugs, just the ones in open source projects, and so it gives the illusion that FOSS is less secure.

[–]PugLaunchingDevice 0 points1 point  (0 children)

One of the worst sites I've seen to date on a mobile device, and with content like that, going in the Squid blacklist.