Keep in mind that just because an application is open source doesn't mean it's safer. If nobody checks its code for bugs or malware, it could be worse than other software.
----
We have so many questions that are making us feel a bit uneasy: ❓
In what ways can you be certain that a particular open-source software solution is secure?
What factors do individuals with an IT background consider when making decisions about open source software safety?
Certain open source software solutions have extensive code bases. Consequently, it would require a significant investment of time to verify the absence of bugs or malicious code. 🐞 ☠️
That said, even those who can understand code may not always have the time or energy to investigate every piece of software they install. So what are their criteria for endorsing a particular piece of software whose code they haven't analysed? 🧭
And what tips do you have for people who aren't developers, to help them make the best choices when they can't understand the code? Who can they trust?
#opensource #cybersecurity
Kevin Karhan :verified: •
- Also make sure it uses #OpenStandards, because #OpenSource can be just a "smoke grenade" when it's a #centralized, #proprietary, #SingleVendor & #SingleProvider solution.
- #ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.
- Both of the latter points are something that @monocles / #monoclesChat does perfectly and that @signalapp completely fails at!
Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!
All Europeans •
Checking reproducible builds looks a little bit complicated but it would be great if we could do it easily! 🤔
Kevin Karhan :verified: •
F-Droid •
https://f-droid.org/docs/Inclusion_How-To/#reproducible-builds
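An added example, not part of this thread or of F-Droid's tooling, showing the core check behind a reproducible-build verification in Python: a locally rebuilt archive is compared to the released one entry by entry, so that packaging metadata (timestamps, a vendor signature under META-INF/) cannot hide whether the shipped code actually matches the source. The two archives and their contents are constructed inline for the demonstration.

```python
import hashlib
import io
import zipfile
from typing import Dict, Optional, Tuple

def entry_digests(archive: bytes, ignore_prefixes=("META-INF/",)) -> Dict[str, str]:
    """Map each file entry to the SHA-256 of its content, skipping signature files.
    The signature is the one part a third-party rebuild can never reproduce."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(ignore_prefixes):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_builds(released: bytes, rebuilt: bytes) -> dict:
    """Whole-file hashes usually differ (timestamps, signing); what matters is
    whether every code/resource entry has identical content."""
    a, b = entry_digests(released), entry_digests(rebuilt)
    differing = sorted(n for n in set(a) | set(b) if a.get(n) != b.get(n))
    return {
        "identical_bytes": hashlib.sha256(released).digest() == hashlib.sha256(rebuilt).digest(),
        "reproducible": not differing,
        "differing": differing,
    }

def make_archive(files: Dict[str, bytes], date_time: Tuple[int, ...],
                 signature: Optional[bytes] = None) -> bytes:
    """Constructed sample: a zip with a fixed timestamp and an optional signature entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in sorted(files.items()):
            zf.writestr(zipfile.ZipInfo(name, date_time), content)
        if signature is not None:
            zf.writestr(zipfile.ZipInfo("META-INF/CERT.RSA", date_time), signature)
    return buf.getvalue()

# Constructed inputs: the same "app" as published (signed), as rebuilt from source
# at a later time (unsigned), and with one code entry altered.
CODE = {"classes.dex": b"dex\n0350-constructed", "res/values.xml": b"<resources/>"}
RELEASED = make_archive(CODE, (2024, 1, 1, 0, 0, 0), signature=b"vendor-signature")
REBUILT = make_archive(CODE, (2024, 6, 1, 12, 0, 0))
TAMPERED = make_archive({**CODE, "classes.dex": b"dex\n0350-modified"}, (2024, 6, 1, 12, 0, 0))

if __name__ == "__main__":
    print(compare_builds(RELEASED, REBUILT))   # reproducible despite differing bytes
    print(compare_builds(RELEASED, TAMPERED))  # flags classes.dex
```

A real verification additionally pins the toolchain (compiler and SDK versions) and the exact source revision, since those are what make the rebuilt entries match in the first place.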