What are the security risks, if any, of making an app closed-source vs. open-source?
Asked
Active
Viewed 21 times
0
-
it's secure if written securely, regardless of it being open source - there is a big difference between something being true, and being able to prove that it is true. Just because you can't prove it is true does not mean that it is not true. – schroeder Sep 12 '16 at 20:30
-
if, on the other hand, your question is really about an acceptable *risk* of closed source, then that's another question altogether – schroeder Sep 12 '16 at 20:31
-
Closed-source is less attacked than open-source primarily because OS gives attackers a map while CS involves a lot of guess work. – IMB Sep 12 '16 at 20:49
-
1@IMB Citation needed. – user Sep 12 '16 at 20:56
-
@MichaelKjörling I have no citation but I am basing from personal experience. e.g., My Wordpress blogs are constantly bombarded however my custom-made blog aren't. – IMB Sep 12 '16 at 21:17
-
@IMB I think the number of exploits against closed-source Windows vs open-source Linux pretty much disproves your perceived correlation, making causation seem even more unlikely. – Alexander O'Mara Sep 12 '16 at 21:20
-
@AlexanderO'Mara I admit my answer is based on a limited personal experience with Wordpress vs custom-made blog. – IMB Sep 12 '16 at 21:21
-
1@IMB Well, that's because WordPress is widely used enough and poorly designed enough that automated bots crawl the web looking for known vulnerabilities. There are similar bots for some closed-source CMS's and pure-custom sites can be exploited via target attacks too. – Alexander O'Mara Sep 12 '16 at 21:25
-
@AlexanderO'Mara but would you agree that attacking a closed-source software is a lot of guess work compared to attacking open-source? – IMB Sep 12 '16 at 21:34