Questions tagged [opensource]

Open source is a term used for software whose source code is made available. Software distributed under an open source license allows users to study, debug and improve the software, with certain rights preserved for the copyright holder.

165 questions
60
votes
7 answers

Closed source binary blobs in chipsets - privacy threat?

I wanted to buy a Librem Purism 13 because I care about my privacy and generally wanted a laptop to test Linux on. However, I was advised against it because it uses Intel i5 processors which contain binary blobs. From what I understand binary blobs…
user113581
  • 521
  • 4
  • 4
56
votes
5 answers

Is open-sourcing the code of a webapp not recommended?

How to find out what programming language a website is built in? How much of a Django application could be reverse-engineered if the owner forgot to turn debug mode off? And other Qs like these ^ . Shortly: It would seem that at least in terms of…
gaazkam
  • 5,607
  • 11
  • 24
  • 37
55
votes
7 answers

Open Source vs Closed Source Systems

My understanding is that open source systems are commonly believed to be more secure than closed source systems. Reasons for taking either approach, or combination of them, include: cultural norms, financial, legal positioning, national security,…
blunders
  • 5,052
  • 4
  • 28
  • 45
38
votes
4 answers

How do open-source projects prevent disclosing a bug while fixing it?

I understand that many open-source projects request vulnerabilities not to be disclosed on their public bug tracker but rather by privately contacting the project's security team, to prevent disclosing the bug before a fix is available. That makes…
Heinzi
  • 2,914
  • 2
  • 21
  • 25
31
votes
0 answers

Can you prove that an open source program is running the same code that it claims to be?

So if a group has made open source software, and the source code is available on github, and is bundled with an executable in their main download, can it be proven that the executable is compiled from the source code that is on github, and not…
puser
  • 411
  • 3
  • 3
29
votes
8 answers

Is it safer to use less heard of software than popular software?

Is it good policy to use non-mainstream applications, or does it depend? For example is it better to use a less popular browser, media player or operating system as it is less likely a target for hackers to exploit? On the other hand if it's more…
Celeritas
  • 10,039
  • 22
  • 77
  • 144
29
votes
11 answers

What is the point of using an open source and secure OS if you are running it on a machine with closed source firmware?

I'm very interested in the OpenBSD OS, as it currently seems to me to be the option that takes security more seriously than its contemporaries. But as I was reading about it, it occurred to me that even if OpenBSD is all it claims to be, how does…
herzEGG
  • 399
  • 3
  • 5
23
votes
3 answers

Free/Libre software to handle TCG OPAL 2.0-compliant Self-Encrypting Drives (SEDs)?

I'm in search of a free/libre software that is able to handle OPAL (2.0)-compliant SEDs (i.e. manage the setting of Pre-Boot Authentication (PBA) environment, encryption keys...). It could be a utility that runs as a live image (thus…
neitsab
  • 343
  • 1
  • 2
  • 7
20
votes
5 answers

Is there any open source ransomware?

I'm working on malware analysis at my university and I'm trying to develop ransomware. I'm planning to publish the source code after it's finished. Is there any open source ransomware sample so I can take a look?
Onsur
  • 361
  • 2
  • 5
19
votes
2 answers

FOSS Enterprise Password Management Solution

Can anyone recommend a F/OSS enterprise password management solution on/around the same level as something like Cyber-Ark? Specifically, something along the lines of a standard password manager, (like KeePass), but with the ability to login with…
Josh Brower
  • 1,366
  • 2
  • 13
  • 24
16
votes
8 answers

Trust Issues Relative to Open Source

Two separate discussions have very recently opened my eyes to an issue I had not considered – how to confirm the Open Source binary one uses is based on the published source code. There is a large discussion thread on cryptography-randombit based…
zedman9991
  • 3,377
  • 15
  • 22
14
votes
3 answers

What are the security implications of 'open-source' vs. 'source-available'?

In light of the current fiasco surrounding TrueCrypt, I have received considerable criticism from current clients and peers in the IT industry for my continued support of the open-source model. Such criticism is usually lumped in with ongoing…
Caleb
  • 1,334
  • 11
  • 20
13
votes
3 answers

open source software security rating -- 3rd-party authority

A client is asking my company to write up internal standards that open source software must meet before we will approve it for use on our workstations. Our policy has always been subjective and hard to quantify. We use very popular, highly…
kcrumley
  • 233
  • 1
  • 5
13
votes
4 answers

How to trust ICs?

While it is theoretically possible to thoroughly examine the source code of Open Source Software to check for backdoors (neglecting a Ken Thompson hack), and given sufficiently adequate knowledge in Electrical Engineering one can probably figure out…
Tobias Kienzler
  • 7,578
  • 10
  • 43
  • 66
13
votes
7 answers

How are open-sourced operating systems and software kept secure?

I have been wondering about this for a while. I have Linux running on a PC at home. I had a jailbroken iPhone. They both have attributes that make them very attractive, and they are also FREE! But I haven't been able to find anything that discusses…
Jim
  • 255
  • 1
  • 10