An open source project that becomes popular can be one of the greatest achievements a programmer can have.
Most applications that a programmer works on will only be seen by a small number of people, even if they are released commercially; very few applications become popular.
Open Source Applications
But, in the world of open source, it doesn’t matter as much.
The start-up cost for a programmer developing their own application is almost nil, and it is not built to make them famous.
It is a tool that the programmer wants to share with other people.
Releasing the code also allows the programmer to get help from their peers.
That help can lead to many holes being fixed, including security holes.
No matter how much experience you have creating applications, you will always leave some security holes open; the goal is to have as few of them as possible.
Having other talented programmers go over your code will cut down the number of security bugs significantly, especially if they are well versed in finding security problems.
With a closed source commercial application this is not possible: others cannot see the code, since it is in a black box.
At best, they can run a disassembler and view the code as byte code or assembly, which is the same method attackers use when they try to subvert the code for their own purposes.
So, while you may momentarily stop black hat hackers from seeing the code for your application, you are also stopping the people who would help you secure it.
Black hat hackers have a financial motivation to try to break your code; white hat hackers do not, so they will not go over it looking for problems.
As you can see, this is a big advantage for open source projects.
Open Source Projects Are Not Completely Rosy
On the flip side, open source projects have a problem of their own.
It is great that once a project becomes popular you have a lot of eyes helping to review the code, but what happens if the project doesn't become popular?
What if no one uses the code?
Then there will be no extra eyes on the project, and therefore no security advantage.
The original developer might grow bored with the project and abandon it, leaving no one to fix whatever bugs lie in the software.
This is a huge concern, especially for a business.
It might sound strange, but a business cares less about the cost of a product than about its reliability.
It doesn't matter that the product is free if it does not prove to be secure at the end of the day.
So is an open source project more secure than a closed source project?
The answer is that it depends.
But if the project is a popular one, you can rest assured that the security of the software will be as good as or better than that of the commercial alternative.