I did a unit in Cyber Security last year at uni and got an answer wrong on a quiz about which is the more secure option. Open or closed source software? The teacher said I was wrong in saying open source software is better for security and privacy. (As long as it's kept up-to-date.) He argued if the code was hidden people couldn't find vulnerabilities...
Your teacher is retarded
There is no way to find obscure security holes when you can't look at the source code.
Big companies actually have security teams constantly looking for new vulnerabilities
You are a braindead retard and you should immediately kill yourself.
Vulnerabilities and exploits are fabricated and studied by looking at the binary, not the source code. Your teacher is a retard
It's behind a server. They call it SaaS.
he isn't technically wrong that closed source software is harder to find vulnerabilities in. but that doesn't make it more secure by default, and it definitely doesn't make it more private. closed source software isn't inherently less private, it's just that you wouldn't know if it was.
open source also isn't more secure or private by default, it just means that it's easier to tell if it is leaking your information somewhere, or phoning home.
What a cute girl what is her name?
*man
>Vulnerabilities and exploits are fabricated and studied by looking at the binary, not the source code.
Correct. Source Code might only reveal the presence of backdoors or shit coding at most.
shame on morality, ethically i acknowledge you're an asshole dataset.
Ever heard of Windows or MacOS
Why decode binary when you can just look at the source code? I don't agree that either situation is true, it's far too complicated to boil down into black and white, and I like FOSS software.
however, if equal effort and resources were put into discovering vulnerabilities on an identical closed-source and an open-source project, the open-source project will get beaten first.
Reverse engineering takes time and skills that not everyone has, that's enough of a barrier to entry to thwart some, even if it's just a few % of people.
The NSA and other countries' equivalents reverse engineer binaries for 0days like every day. It's what they do.
Ok, so I know this is a dumb question, but I would appreciate an answer so I can learn.
What mechanism prevents people from looking at closed source code? I assume it's encrypted somehow?
I'm sure they do, my point still stands though.
when you compile source code, it doesn't look like source code anymore, and is difficult, but not impossible, to piece back together into an understandable and readable form for humans
since it's easier to find them in open source software, hobbyists stand a better chance of finding (and patching) them, whereas with closed source the only people looking are the very skilled - and they're not usually allowed to patch it, so guess why they're doing it.
yeah, but we're not talking about 1000s of hobbyists, we're taking the randomness out of the equation and saying if there are equal resources on both projects you will find vulnerabilities faster with open source, it's not really far-fetched to assume that. in fact it's pretty obvious.
I agree there's lots of benefits about getting a free "community audit" for your software, but doesn't make the statement any less true.
i'm not disagreeing, i'm just saying that people who find the vulnerabilities in the open source project are more likely to fix it. equal resources certainly, but not equal intent - that's how it usually goes in real life, not a hypothetical.
you are correct, but OP's statement of
>He argued if the code was hidden people couldn't find vulnerabilities...
>couldn't
not less likely
OP's teacher is definitely more wrong than either of us