Like a privacy based fully open source browser. Wouldnt it be more hackable because every one know the script and is a glopal privacy based gpay alternative possible ? What about targeted hacking is someone using closed source application more better off than someone with ooen source ?
On the contrary, it’s more easy to secure because anyone can contribute. See a bug? Report it / Fix it.
Take backdoors for example. The CIA can abuse a windows backdoor all they want because we can’t see it however on Linux such a thing doesn’t exist because we have the code.
And even if a 0-day exploit was found and used, it would get patched really fast, it would be up to the user to do his due diligence and update.
This is where most of the problems in open source come from. Just because anyone can look at the source code doesn’t mean that anyone actually is. It frequently seems that everyone just assumes that popular/common libraries have been reviewed and vetted, but never bother to check for themselves unless they happen to work in application security. It’s like Douglas Adams’ SEP field. And many common modules became common because they were convenient and/or easy to use, not because they were rigorously developed and tested with strong security principles.
Of course expecting every user to inspect the source of every piece of software they use, every time it gets an update, is utterly ridiculous. No one would ever actually use anything.
With closed source, the problem is that you can’t see the code so you need to be sure that you trust the developer. With open source, the problem is spaghetti code (and worse, spaghetti dependencies) so again you need to be sure that you trust the developer(s).
Hold up, hold up. “on linux such a thing doesnt exist” is a very bold statement for something containing millions of lines of code.
There where and will be more then enough zero days in Linux, be it because of malice or incompetence.
Open source doesn’t say anything about the quality of the code.
Ever heard of log4j? Open source code…
That part is about backdoors, not zero days. However, even still backdoors may exist. Linux has libraries and other code, as well as code that hasn’t been checked well enough, than could contain backdoors. It’s less likely than Windows, but still possible.
I’ve heard from “reputable sources” (internet schizos) that every cpu since 2010 has been backdoored by the nsa. This can be exploited on any platform.
There’s the Intel management engine and the amd platform security processor. Both manage low level tasks like booting, and have access to network data. Amds psp is known to have unrestricted access to user memory.
There have been security vulnerabilities that would grant access to sensitive data exploiting both systems if not patched.
As for a backdoor, there’s no evidence but I wouldn’t be surprised. The NSA has programs to insert backdoors into consumer products and these seem like the perfect place to do it. But again, there’s no evidence either chip is part of these programs.