Statements like “Open source is more secure”, or citing security as one of the benefits of using open source software, seem to confuse people more than they help them understand the open source philosophy. People counter these statements with questions like “Would proprietary software be more secure if it were open sourced?”, and they conclude the exact opposite, since the code is open for anyone to insert security holes and bugs. We cannot blame them completely for this misunderstanding; we open source advocates need to carry some of the blame for making such statements.
The truth is that open source software has a better chance of being more secure than its proprietary counterparts. Why? Because:
- With the source code available to anyone, good developers can go through the code and find the security holes faster.
- Because open source software is more easily available, it can get more users, who can complain about security holes sooner.
- With enough developers contributing, these security holes can be fixed faster, even if they were reported by a user like you.
- But these changes are reviewed by other developers, so the code changes happen with the consent and in view of the main developers.
- If someone disagrees with the main developers, he/she can fork the project and form a different one.
The greater probability of being secure comes from the fact that the transparency of open source code does not let security holes stay unrevealed for a long time, whereas proprietary software can keep carrying its security holes without their being revealed and fixed. Open source software gets more secure as it evolves.