Thread: Is Open Source Software Potentially Risky?

  1. #11
    Join Date
    Feb 2010
    Location
    Melbourne, Australia
    Beans
    159
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Is Open Source Software Potentially Risky?

    Quote Originally Posted by benmoran
    The bottom line is that with an open source project, anyone can potentially check the source. Some do, most do not. With a closed source project there is no way to know. Nobody checks. Nobody can check.

    I'm more inclined to trust my "neighbors", the independent developers, than I am to trust any large corporation.
    I've got to agree. Although I haven't taken a look at the source for Ubuntu, or Firefox, or Open Office etc, I would assume that many people in the community have and there would be a crazy angry user explosion if someone found something.

    We can't check Microsoft so no one will ever know.

    Either way, whether it's a mainstream open source project or a mainstream proprietary project, they're not going to do something as blatant as steal your bank info; that would be too obvious. They'll take other information that will get you to spend more money with their company...

  2. #12
    Join Date
    Nov 2008
    Location
    Here, There, Everywhere
    Beans
    1,163
    Distro
    Xubuntu

    Re: Is Open Source Software Potentially Risky?

    I think both open source and closed source have the same potential. Sure I can look at the Linux source code, but I would not understand anything there.

  3. #13
    Join Date
    Jul 2006
    Location
    Norwich, NY USA
    Beans
    Hidden!
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Is Open Source Software Potentially Risky?

    I believe an important point has been missed in why Open Source projects tend to be less risky and more secure than their Closed Source brethren. It has been mentioned here that Google and Sun wouldn't have a reason to pollute their code with malware, but in fact they do and they want to. Closed Source, profit-making ventures have partners who pay for the privilege of being included in. (This is often more true with Freeware, which, of course, is not the same thing as Open Source.) Spyware and Adware are as legitimate as the EULA you agreed to implies or states. The indication that third-party partners will have a go at your privacy is implied in just about every one I have read through. Open Source projects can imply the same, even try to add partners with the installation, but the open code allows the public to see this and make it public, even correct for it with a new compilation. It's much harder to hide the fact in Open Source.

    All this said, security is based on the quality of the coding and the attention to details by the coders. A good program is a good program, regardless of who made it, whether for profit or for free. Which brings focus on to the fact that not all Open Source projects are well designed or extremely safe to use. Caveat Emptor still applies here. Your mileage will always vary. But I would trust a well-designed Open Source project that fits my needs over a commercial Closed Source one, any day.

  4. #14
    Join Date
    Jun 2008
    Location
    Pennsylvania
    Beans
    473
    Distro
    Kubuntu

    Re: Is Open Source Software Potentially Risky?

    Quote Originally Posted by isaacj87
    I tried my best to avoid an overly inflammatory title.

    I've been using Linux for a couple years now and there's one thing I've always wondered about Linux and open source software in general. Who's to say that there isn't malicious code (key-logging, identity theft type) in an open source project?

    One can counter that there are so many eyes watching projects that it's near impossible to slip in something bad without anyone seeing it, but isn't that being overly optimistic? If I download and use a program and then find out later that it was secretly a front to capture my information, isn't that too little too late?

    Now, I don't want to come across too harsh or cynical about human behavior. I appreciate the efforts that wonderful people invest in my favorite projects, such as KDE, but sometimes it's hard to believe that so many people can invest so much time into something that doesn't really generate profit.

    What is the forum's thought on this?
    the only reason you think it's impossible for people to function without profit is because you've been conditioned to think that's the only way to do things.

    many tribes (including ancient european ones) had community control of resources at one point. you could even say, it's the default position.
    KDE is the best
