On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
> Am 12.09.22 um 19:47 schrieb Chuck Zmudzinski:
> > "Open Source Software is accessible to all means it can be used and misused. And, that’s where it turns unconstructive for us. With OSS, we can expect harm, virus transfer, identity burglary, and many other malicious practices to hurt the process." [1]
> > ...
> > 
> > [1] https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413
>
> Hi Chuck
>
> ...
>
> I do not quite get the meaning of "Open Source Software is accessible to all means it can be used and misused." by Megha Verma. Assuming that it is by its nature possible to "inject" malicious code, then yes and no. Yes, it theoretically is possible, as anyone can get and change the code, but no, if the project is fairly well maintained, i.e. no commits to the main branch of the code repository without any review. Personally, I have been using OSS for more than 25 years and never had the suspicion that any of the OSS I used was acting maliciously.

I think Megha is emphasizing, and possibly over-emphasizing, the fact that the persons who actually commit the code in free software projects can operate with little or no oversight when they are just volunteers not really accountable to anyone. Also, we do not really know what the malware/ransomware situation would be like today around the world if free/oss software were not as ubiquitous as it is today in web servers, phone operating systems like Android, etc. It clearly is not a good situation now regarding malware and ransomware around the world, and it is not unreasonable to think the situation might be better if either 1) open source projects exercised more oversight than they currently do over the persons who actually write the code and release the software, or 2) free/oss software never became ubiquitous. We just cannot know without being able to do a time machine experiment and see how the software world would have developed if free/oss software had not become as ubiquitous as it is today. If there were not a serious problem of malware, identity theft, ransomware, etc., I would be more inclined to question what Megha Verma wrote, but based on what I see in how free/oss projects are governed, I am not surprised that a world that relies on so much free/oss software also suffers from so much malware, ransomware, identity theft, etc. Just because *you* have not experienced malware in the software you use does not mean that there are no cases where free/oss software is being deployed elsewhere in a stealthy way for malicious purposes. I am fairly sure I was a victim of the breach of Yahoo that affected hundreds of millions of its users. A word to the wise: be vigilant about the software you use and take note of any red flags.

I know people will reply and say it is much worse with proprietary software. But we really cannot know for sure, because free/oss is so ubiquitous now that it is hard to separate free/oss software from proprietary software. For example, most web browsers are based on Chromium, a free oss project that comes in large part from Google, but some of the most-used browsers in the world based on Chromium are proprietary, such as Chrome and Edge.

I recommend everyone be very aware of the risks of using any software, whether it be proprietary software or free/oss software, in today's world of so much malware.

Best regards,

Chuck
