diff --git a/opsec/closedsource/7.png b/opsec/closedsource/7.png new file mode 100644 index 0000000..8e7c21b Binary files /dev/null and b/opsec/closedsource/7.png differ diff --git a/opsec/closedsource/8.png b/opsec/closedsource/8.png new file mode 100644 index 0000000..82df8c9 Binary files /dev/null and b/opsec/closedsource/8.png differ diff --git a/opsec/closedsource/9.png b/opsec/closedsource/9.png new file mode 100644 index 0000000..73cc015 Binary files /dev/null and b/opsec/closedsource/9.png differ diff --git a/opsec/closedsource/index.html b/opsec/closedsource/index.html index bf5f522..6289d8c 100644 --- a/opsec/closedsource/index.html +++ b/opsec/closedsource/index.html @@ -143,6 +143,63 @@ +
+ Open Source Software is essential for security. +
++ A common argument made for closed source software is that it is 'more secure', often brought up in disagreements like iPhone vs Android or the general Company Software vs Community FOSS debate. +
++ In reality, security is compromised and reduced when software is closed source. +
++ We have to first understand that perfect security is not possible. There will always be potential vulnerabilities in any software regardless of what it is. + This what security patches and updates are for, changing of the software to fix issues. +
++ Let's compare Apple's MacOS vs the Linux Kernel as an example to display why open source is better for security. Below is an image of the top section of of Apple's security page for MacOS Sequoia 15.4. +
++ Although we get brief confirmation that the listed vulnerability has been fixed, we cannot actually verify the patch. We have to trust that it has been fixed reliably in the MacOS source code and none of the questions listed above are answerable. +
++ This opens up several questions or even threat vectors. If the patch was not done properly and created a new vulnerability, we would not be able to tell. + Or if a malicious government/adversary pressured them into adding a backdoor or spyware into a patch, we similarly would have no way of knowing. Put simply, nearly all specifics of updates are opaque and only known to the developers. +
++ Below is an image of the Linux kernel's git history. +
++ Unlike the one sentence security patches on the MacOS page, you can see every single line of code that was changed in each commit of the Linux kernel. This transparency and visibility is very important for security. +
++ Firstly, unlike only the Apple developers being able to patch security vulnerabilities or review the source code, anyone can review the source code of the Linux kernel. + This means that vulnerabilities can be searched for in the source code itself instead of just on the application layer. The concept of security through obscurity or purposefully making software closed is flawed since that does not actually solve existing vulnerabilities. +
++ Having source visible almost always leads to high security since anyone can submit patches after their code review if they found an issue. + Compared to just a single developer team for the closed source software, the number of eyes on the code of a piece of open source software is much higher, which means more code review and more safety testing, ultimately leading to greater security. +
++ Moreover, the visibility is crucial: Apple can claim they fixed a critical security issue but as mentioned, we cannot review the code ourselves to check if it properly fixes it or of there is spyware/a backdoor. + In open source software, we can verify the update and make sure there isn't any spyware ourselves. +
++ The transparency and availability in open source software provides auditable, trustable changes and the best possible security. +
+
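Review bot: the sentence "none of the questions listed above are answerable" appears one paragraph before the questions it refers to ("This opens up several questions or even threat vectors..."); either move that sentence after the paragraph that poses the questions or change it to "listed below". Same hunk, smaller fixes: "This what security patches and updates are for" is missing "is" ("This is what..."), "the top section of of Apple's security page" doubles "of", and "or of there is spyware/a backdoor" should read "or if there is". The claim "Having source visible almost always leads to high security" is stronger than the surrounding argument supports; the later sentences only establish that visibility makes review and verification possible, so consider "makes high security achievable, since anyone can review and submit patches". Finally, this change adds three images (7.png, 8.png, 9.png) but the visible prose introduces only two ("Below is an image of the top section..." and "Below is an image of the Linux kernel's git history"); confirm the third file is actually referenced in the added markup or drop it from the commit.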