So with open source software more on my mind lately I was wondering - while I get the benefits of transparency and such, how safe is it? If the source code is available to all, isn’t it easier to breach for people (like the recent cookies hack)? If I’d have an open source password manager, would it be easier for people to get my passwords somehow than if I use something not open source? Do I just not understand how software works in general?
And what are other benefits that may be not so obvious to someone not so knowledgable about this?
Edit: thank you all for really insightful answers! Among other things I also learned just how much I don’t know :)
Security through obscurity is never a good thing, this has been proven many times over.
Basically, both models have been set to the test years after years, open source software always wins in regards of security over closed source solutions. Security holes are patched faster, and in most cases, way before they’re even exploited.
Other benefits are… well, you can change it however you like… or pay someone to change it (not so uncommon as some might think).
Providing enterprise support for open source software ain’t much, but it’s honest work
It still beats closed source solutions. We had SonicWall at work, it got breached 3 times. Now we have an OS solution, a company maintains it, we haven’t had a single breach in years.