• Chronographs@lemmy.zip
      link
      fedilink
      English
      arrow-up
      51
      ·
      11 months ago

      Security through obscurity doesn’t, work the vulnerabilities are still there. Also if the vulnerabilities are visible they’re also easier to close.

    • NAK@lemmy.world
      link
      fedilink
      English
      arrow-up
      33
      arrow-down
      1
      ·
      11 months ago

      Tell me you have never worked in IT security without telling me you never worked in IT security.

      To give you an actual answer, instead of pure Internet snark, the concept you’re proposing is called “security through obscurity” if you want to research it.

      The TL:DR of it is it doesn’t work. If it did, all software would be proprietary and things like viruses wouldn’t exist. The source code for Windows isn’t available, but Windows gets exploited constantly.

    • tabular@lemmy.world
      link
      fedilink
      English
      arrow-up
      23
      ·
      11 months ago

      More eyeballs are from people wanting those flaws fixed that wanting to exploit them.

      Proprietary source code has much fewer eyeballs, none of which you can verify belong to competent or trustworthy people.

    • Revan343@lemmy.ca
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      1
      ·
      11 months ago

      If it’s open source, anyone can poke around in the code and find vulnerabilities to exploit way easier patch

      FTFY. Open source software is more secure than closed source, not less

      • lud@lemm.ee
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        2
        ·
        11 months ago

        No, you can’t really make blanket statements like that at all.

        Open source doesn’t compromise security on its own and closed source is the same.

        Open source might be more secure but that’s only if people actually audit it properly and some closed source codes are audited more closely than some open source code.

    • Free Palestine 🇵🇸@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      11 months ago

      Is this a serious question?

      This is the exact same ridiculous argument that proprietary software corporations make. It never made any sense, security through obscurity will never work. Linux is open-source used on ~80% of all web servers, in your logic these servers would all be vulnerable. It just doesn’t make any sense. Linux is also used in many embedded devices and Android is based on the Linux kernel. But Android (which is also entirely open source) has one of the best security models out there.

    • cm0002@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      11 months ago

      That’s the same bullshit line politicians and corporations use, it’s simply not true

    • sudneo@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      11 months ago

      Vulnerabilities can and are usually found without code inspection. Fuzzing, reverse engineering, etc. At the same time, it is easier to find vulnerabilities having the code to check, but it is easier also for those who want to have them patched. That’s why we have tons of CVEs in Windows, iOS etc., and they don’t all come from the vendor… Depending on the ratio of eyeballs looking at something to fix and the ones looking at something to exploit, open source can be more secure compared to closed source.