| ▲ | simonreiff 5 hours ago | |
Is there any recent research on whether open or closed-source projects are more secure? I am genuinely curious if anyone has studied the question. | ||
| ▲ | teunispeters 4 hours ago | parent [-] | |
I mean "yes but" lots from 2015 and before, on a scholarly paper search engine. (I do not have access to most, but there are some public ones) I mean as a convention when dealing with cryptography, so far the only organization that has succeeded in doing closed-source cryptography securely, has been the USA's "NSA", and mostly their algorithms are public. I mostly work in the closed source world, however my observation from all the code bases I've seen is "mostly open source are more secure", except when very thorough following of formal security specifications are followed, and then security is as good as the specifications. (YMMV there, of course). | ||