Hacker News new | past | comments | ask | show | jobs | submit login

I like open source but certainly do not believe that it is always the best choice when it comes to security.



Why? Interested in your reasons. One plausible one is that trusting an author you know can be more practical than examining every line of a massive open source code base. Could that be a reason? Others?


Shotgun blast: open source software is easier to read. Is the quality higher? Depends: there are some terrible vendors, and there are some very shoddy open source security projects. Open source software, with a couple of exceptions, are rarely audited professionally. Widely used open source projects get shaken out for memory corruption and XSS. They do not as a rule get thoroughly evaluated for cryptographic flaws.

A more precise way to state my preferences:

I trust _crypto_ from Microsoft, Apple, or (especially) Google more than I trust _crypto_ from a developer I've never heard of before. I do not as a rule trust rando closed-source projects.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: