Questions tagged [security]

For questions about security practices as applied to open source software.

For questions about practices and procedures for security of open source software and dealing with vulnerabilities.

28 questions
39 votes · 7 answers

What guarantees that the published app matches the published open source code?

Take as an example the Italian app "Immuni" (https://github.com/immuni-app), used by the government to trace contact exposure to COVID-19. Since many people were afraid of how the app would use the phone's location, contacts, etc., the…
ABCplus · 501 · 4 · 5
10 votes · 1 answer

Malicious code in open source software planted before open sourcing

We know it's very hard to sneak in malicious code via commits to an open source project with a public repository. However, what about closed source projects that get open sourced and start with a large code dump, and where the temptation may be…
Dan Dascalescu · 293 · 1 · 7
8 votes · 3 answers

How can I trust Open Source programs?

I have a question about Open Source programs. How can I be sure an open source program is safe and isn't spying on me? For example, I installed Firefox on Linux, and how can I be sure this program is safe? It is true that Firefox is open source, but who…
Nongeek · 81 · 2
6 votes · 2 answers

How can we verify that the open-source code is deployed and actually in use?

Many corona apps are being developed at the moment, and some of them, e.g. in Germany, are open source. Many people fear being spied on by this app. I'm definitely not one of them. Still, it raised a question for me: how can we make sure that the open source…
Ludi · 161 · 3
6 votes · 6 answers

Is it possible to verify device identity transparently?

To what extent can we verify the identity of a particular mobile device, over NFC, in an entirely transparent manner? Consider the following situation: A large organization currently handles access control with ID cards, which must be scanned for…
5 votes · 1 answer

How do we verify that the code deployed is the same as the one published?

My question might be naive, but I wanted to clarify this anyway. We see software being published as open source. Take for example Signal. We can audit the software since it's public. But how do we verify that the code that gets deployed in their actual…
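The recurring theme of this question and the Immuni and German contact-tracing questions above is the gap between published source and the binary users actually run. The usual way to close that gap is a reproducible build: rebuild the app from the tagged source and compare the result with the store-distributed artifact entry by entry, ignoring only the signing metadata (the developer's signing key is private, so a local rebuild can never match those bytes). The script below is an added example, not Signal's, Immuni's or any project's own tooling. It treats an APK as what it is, a zip file, and constructs its sample archives inline, so it runs offline; the signing-file patterns are the ones a v1 (JAR) signature adds under META-INF/, and v2/v3 APK signing blocks live outside the zip entries, so a per-entry comparison sidesteps them as well.

```python
"""Compare a published, developer-signed APK against a locally reproduced build.

Rather than hashing the whole file (which always differs because of the
signature), hash every zip entry individually and skip the entries that a
signer adds.  Any remaining difference is real: a file present on only one
side, or a file whose bytes changed.
"""
import hashlib
import io
import zipfile

# Entries written by the JAR/v1 signer.  Their bytes depend on the signing key
# and certificate, so a reproducible-build check must exclude them.
SIGNING_ENTRIES = ("META-INF/MANIFEST.MF",)
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")


def is_signing_entry(name: str) -> bool:
    """True for the v1 signature files; other META-INF/ content is compared."""
    if name in SIGNING_ENTRIES:
        return True
    return name.startswith("META-INF/") and name.upper().endswith(SIGNING_SUFFIXES)


def entry_digests(archive: bytes) -> dict:
    """Map each non-signature, non-directory entry name to the SHA-256 of its bytes."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir() and not is_signing_entry(info.filename)
        }


def compare_builds(published: bytes, rebuilt: bytes) -> dict:
    """Report whether two archives agree on every entry outside the signing files."""
    a, b = entry_digests(published), entry_digests(rebuilt)
    only_published = sorted(set(a) - set(b))
    only_rebuilt = sorted(set(b) - set(a))
    changed = sorted(name for name in a.keys() & b.keys() if a[name] != b[name])
    return {
        "match": not (only_published or only_rebuilt or changed),
        "only_published": only_published,
        "only_rebuilt": only_rebuilt,
        "changed": changed,
    }


def make_apk(entries: dict) -> bytes:
    """Build a minimal zip in memory (constructed stand-in for a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample data: the same code and resources on both sides; only
# the store copy carries the developer's v1 signature files.
APP_FILES = {
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
    "res/layout/main.xml": b"<LinearLayout/>",
    "META-INF/services/example.Plugin": b"example.PluginImpl\n",  # not a signature file
}
SIGNATURE_FILES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/CERT.RSA": b"\x30\x82\x01\x00" + b"\x00" * 32,
}
PUBLISHED_APK = make_apk({**APP_FILES, **SIGNATURE_FILES})
REBUILT_APK = make_apk(APP_FILES)
TAMPERED_APK = make_apk({**APP_FILES, "classes.dex": APP_FILES["classes.dex"] + b"\xde\xad"})


def whole_file_hashes_differ() -> bool:
    """The naive check (hash the whole download) cannot succeed on a signed release."""
    return hashlib.sha256(PUBLISHED_APK).digest() != hashlib.sha256(REBUILT_APK).digest()


if __name__ == "__main__":
    print("whole-file hash differs:", whole_file_hashes_differ())
    print("honest rebuild:", compare_builds(PUBLISHED_APK, REBUILT_APK))
    print("tampered rebuild:", compare_builds(PUBLISHED_APK, TAMPERED_APK))
```

To use this against a real release, rebuild from the tagged commit in the project's documented build environment (container image, toolchain versions), then call compare_builds() on the store download and your output; a non-empty "changed" list is a finding to investigate, whereas an honest rebuild reports match=True even though the whole-file hashes differ. This verifies the client binary only; whether a server is running the published code is a separate question that code publication alone cannot answer.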
5 votes · 2 answers

Assessing potential security flaws in open source software

Are there established guidelines or best practices for checking open source software for security flaws prior to using it in a business environment? Is this down to the individual business to decide for themselves or are there approaches that apply…
3 votes · 2 answers

Is open source software less or more secure than proprietary software?

Free software evangelists often advertise free and open source software to be more secure than proprietary alternatives. Is this true, and why? Are there security reasons not to use free and open source software?
Jens Erat · 289 · 2 · 9
1 vote · 2 answers

Create an OAuth2.0 Application that doesn't violate Google TOS?

I've almost completed a Blender Add-on that allows a user to upload a video to YouTube. It has just come to my attention that embedding your app's credentials from the client_secrets.json file into an open source application violates the Google…
AkBKukU · 21 · 4
1 vote · 1 answer

Is open source the right model for secure, mission-critical software?

Recently, I engaged in a discussion on what would be the most befitting model for a piece of software sitting on top of an electronic voting system, i.e. being in charge of collecting and summarizing results, detecting any fraudulent actions, etc. The…
Pasato · 119 · 2
-1 votes · 2 answers

Does Free Software Foundation's guidance about SaaS disallow usage of password vaults?

Password vaults, which utilize public and (likely passwordized) private keys to host and protect principally-non-human-memorized-passwords, are a kind of SaaS that remotely stores and supplies password data to a user over a network. They have…