From 946336e250c3a7760e89ae1b02a43c7ced201add Mon Sep 17 00:00:00 2001 From: DarkSun Date: Mon, 19 Jul 2021 05:04:19 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E9=80=89=E9=A2=98[news]:=2020210718=20Is?= =?UTF-8?q?=20Open-Source=20Software=20Secure=3F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sources/news/20210718 Is Open-Source Software Secure.md --- ...20210718 Is Open-Source Software Secure.md | 163 ++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 sources/news/20210718 Is Open-Source Software Secure.md diff --git a/sources/news/20210718 Is Open-Source Software Secure.md b/sources/news/20210718 Is Open-Source Software Secure.md new file mode 100644 index 0000000000..d6d249b54b --- /dev/null +++ b/sources/news/20210718 Is Open-Source Software Secure.md 
@@ -0,0 +1,163 @@ +[#]: subject: (Is Open-Source Software Secure?) +[#]: via: (https://news.itsfoss.com/open-source-software-security/) +[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/) +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) + +Is Open-Source Software Secure? +====== + +Being someone who prefers [Linux for desktop][1] and encourages using open-source software, you may expect the answer to the question raised in the headline with a big “**Yes**“. + +But I am not going to limit discussing the benefits of open-source software. Let us explore more! + +Here, I plan to share my thoughts on if open-source software is secure and what are the things involved in it that make secure or insecure. + +### Why Should You Care if Open-Source Software is Secure? + +No matter whether you use [Linux][2] or any other operating system, you will be surrounded with open-source software in some way (directly/indirectly). + +To give you an example, most of the proprietary software tools depend on some form of open-source libraries to make things work. + +Furthermore, there is a reason why companies of various scale (including Google, Microsoft, and Facebook) rely on open-source software or contribute their resources to the open-source community in one way or the other. + +Hence, the security of open-source software is something essential to know about. + +### Myths About Open-Source Software Security + +![][3] + +While there are several arguments to pitch the cons of open-source software in terms of security, some of them just do not make any sense. + +#### Anyone Can See & Exploit the Code + +The code is accessible to everyone, yes. But just because you can see the code—does that mean anyone can exploit it? + +**Not really.** + +Even though anyone can create a fork (or copy) of the software, the original software cannot be manipulated easily. 
+ +Usually, the project maintainer (or a group of them) manage the code repository and accept the commits from contributors. The code is reviewed before approval. And no one can hijack the code just like that. + +**It takes effort for an attacker to exploit a vulnerability or add malicious code in a software, no matter if it is open-source or closed source.** + +#### Without Dedicated Resources, Security Breaks down + +Many believe that without dedicated employees or a team for an open-source software, it is difficult to maintain security. + +In contrast, with several types of contributors joining and leaving, the software gets more attention from a wide range of developers. + +And they may be able to spot security issues better than a few employees assigned for a proprietary software. + +Some projects from the likes of Mozilla have a dedicated team to effectively iron out security issues. Similarly, most of the successful open source projects have plenty of resources to dedicate for security. + +Hence, the open-source software ecosystem is a mixed bag for security. Even without dedicated resources, the projects get help from various contributors, and some are profitable to a great extent which helps them dedicate more resources. + +### Open Source Software is Secure: Here’s How + +![][3] + +Now that we have tackled the myths, let me highlight how open-source software deals with security issues. + +In other words, the benefits in security with open-source software. + +Not to forget, the perks of open-source software translate to some of the reasons why [Linux is better than Windows][4]. + +#### More Eyes Looking at the Code + +Unlike a proprietary software, access to code is not limited to a few developers. + +Some projects may even have thousands of developers watching the code, reviewing them, and flagging or fixing security issues. 
+ +And this gives an edge over closed-source software by having **the ability to identify issues quickly and addressing them as soon as possible.** + +Not just limited to more developers, often enterprises get involved with open-source projects that they utilize. And when they do, they will also go through the code and review it. + +This gives another source of external audit that may help improve the security of the software. + +In contrast, with a closed-source software, a limited number of developers may not be able to find all kinds of security issues. And it may take them longer to fix all the issues one by one. + +#### Community Decision Making to Prioritize Security Issues + +The developers of a closed-source software may have certain restrictions and priorities as what to work on and when to resolve an issue. + +However, in case of an open-source project, the community of contributors can prioritize and assign themselves what they want to work on and when to fix an issue. You do not need to depend on a vendor or follow their instructions to address a security issue. + +The decision making that goes into addressing and fixing the security issues is more transparent and flexible in case of an open-source software. Hence, it can prove to be more effective leaving you with three specific benefits: + + * **Transparency** + * **No dependency on the vendor** + * **Faster security updates** + + + +### Open Source Software is not Bulletproof: Here’s Why + +![][3] + +While there are cases where open-source software may get an edge for security, there could be instances or factors that affects it. + +It is important to acknowledge that these problems exist, accordingly, an enterprise or an individual can make better decision about the state of security for an open-source software. 
+ +#### Not enough Eyes to Review Code and Uncertainty + +Even if the code is accessible the world of developers, there are chances that a **project does not have enough contributors/developers to thoroughly review the code**. + +In that case, we cannot have great confidence of an open-source software being peer-reviewed, because it lacks exactly that. + +The open-source software may “claim” to have the best security just because its open-source, which is misleading when there are not enough developers working on it. + +Also, we do not know how many developers are looking/reviewing the code and how exactly the code walkthrough is going on. + +For instance, the Heartbleed bug was spotted after 2 years of its introduction in a project that was already popular i.e **OpenSSL**. + +#### Software Responsibility or Accountability + +This may not be important for individuals, but an **open-source software often comes with no warranties**. + +So, if a business uses it, they must take the responsibility of any losses or damages caused by the use of that software. + +This is something that tells you that nothing can be 100% secure and bug-free. No matter how many eyes you have on a code, or how skilled the contributors are, there will be risks in some form, be it security or data loss. + +And this brings us to the fact that open-source software is not bulletproof. + +### Open Source May Have its Edge for Better Security But… + +Nothing is superior when it comes to security. No matter if it is closed-source or open-source, the same set of principles apply when it comes to security. + +There are various external factors that can affect the security of a software, and **many of those are not source dependent**. + +The code must be monitored in the same way to keep things secure. + +Yes, the **open-source approach introduces benefits that closed-source software will never have**, but that does not mean that it is bulletproof. 
+ +_What do you think about the state of security when it comes to open-source software?_ _Do you think it is superior to proprietary solutions?_ + +I would appreciate your valuable thoughts in the comments down below. + +#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You! + +If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software. + +I'm not interested + +-------------------------------------------------------------------------------- + +via: https://news.itsfoss.com/open-source-software-security/ + +作者:[Ankush Das][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://news.itsfoss.com/author/ankush/ +[b]: https://github.com/lujun9972 +[1]: https://news.itsfoss.com/linux-foundation-linux-desktop/ +[2]: https://itsfoss.com/what-is-linux-distribution/ +[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4= +[4]: https://itsfoss.com/linux-better-than-windows/ From 10981ef26a128e17e9825b6e4ab24ac61faa157f Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Mon, 19 Jul 2021 07:43:44 +0800 Subject: [PATCH 2/2] Rename sources/news/20210718 Is Open-Source Software Secure.md to sources/talk/20210718 Is Open-Source Software Secure.md --- sources/{news => talk}/20210718 Is Open-Source Software Secure.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/{news => talk}/20210718 Is Open-Source Software Secure.md (100%) 
diff --git a/sources/news/20210718 Is Open-Source Software Secure.md b/sources/talk/20210718 Is Open-Source Software Secure.md similarity index 100% rename from sources/news/20210718 Is Open-Source Software Secure.md rename to sources/talk/20210718 Is Open-Source Software Secure.md
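Review bot: the three `![][3]` figure lines in the first hunk resolve to a `[3]: data:image/svg+xml;base64,...` reference that decodes to an empty 780x439 `<svg/>` placeholder rather than the article's images, so all three figures will render blank in the translated post; either replace the `[3]` target with the real image URLs from https://news.itsfoss.com/open-source-software-security/ or drop the three `![][3]` lines. The same hunk also carries site residue that does not belong in a source text: the donation pitch under `#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!` and the stray dismiss-button label `I'm not interested` should be removed before a translator picks this file up. The follow-up rename to `sources/talk/` is consistent with the content, which is an opinion piece rather than a news item.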