this post was submitted on 17 Nov 2023
45 points (100.0% liked)
Free and Open Source Software
17934 readers
75 users here now
If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think you might have read it backwards, I equated closed source with security by obscurity. And obviously you can have both, if you pay extra.
Sure, finance is not technology, but I think it’s worth it pointing out that it’s not arbitrary or just greed or whatever, it has technicalities too.
That was quite vague and still hard to interpret the trade you mention. But I’ll say generally security benefits from:
Closed source has the false sense of security pitfall, which stems from the mentality that code secrecy is a protection of some kind. That pitfall is avoidable simply by not using it as a crutch for lacking security. Open source automatically avoids that pitfall. Bug bounties (2) help get motivated eyes (1) on the code (eyes motivated by generous legit rewards, as opposed to the reward of a zero day in the wrong hands). From there, I see no advantage to closed-source here.
I'm in total agreement that OSS builds more secure software. What I'm saying is that these companies are not in the business of building safe software.
I think the easiest mental map is this: doing things well has a cost; doing things poorly can be cheaper; if it's way cheaper and there's some method available to de-risk it even if a little bit, no matter how little effective it is, it might be financially advantageous to pick the inferior option. This is not just for security, but pretty much everything.