Open source means no negative issues?

Is open source generally safe and more sound, in terms of practical tools/apps from online?

If so, what are the top 1 or 2 websites that give the source of all available good open source tools/apps?

It really depends on the project. If it's a large project like VLC or Android where you have a lot of people looking at the code, it will most likely be very safe and sound. If it's some little side project managed by a small handful of people, it might be very unsafe.

Open source projects are not likely to have much actual malicious code because everyone can see who added what, so you're much less likely to get malware or viruses directly, but there could easily be security holes, and attackers can find the holes pretty easily since the code is just out there.

There is no single website for finding open source projects (other than perhaps Google search). There may be for specific types of applications. Wikipedia often has lists of open source projects for any specific type of application.
Lee W, MVP, Technology and Business Process Advisor, commented:
It's also highly debatable.  Open source means anyone can look at the code and find problems to exploit.  Of course, anyone can look at the code and find problems to alert the developers about... so is it safer to have everything in the open?  Or is it safer to make things more difficult for unauthorized people to view?
David Johnson, CD, MVP, Retired, commented:
SourceForge has been purchased, and the new purchasers have discontinued the unwanted programs that their installer was using.

Closed source means that you have to trust the manufacturer and you decide by their reputation.
Open source means that many eyes look at the source. It doesn't necessarily mean that they have closed all of the holes. OpenSSL has had problems for years that no one noticed. It also doesn't follow that any program has passed a security review. Again, you have to take into account the reputation of the group that is involved in the project.

As someone responsible for maintaining a bunch of endpoints, I prefer tried and true licensed and purchased software. You get what you pay for in terms of software assurance and support. If you use a bunch of free stuff, you can pretty much count on figuring it all out yourself and trying to cobble together a complete solution. Every time we see a client try to go the "free" route it actually creates more hassle. I'm sure further posts will disagree with my view, but if you don't have hours to spend on creating your own wheel, buy it.
Did you hear of the OpenSSH Linux bug?
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period.

Of course hindsight is 20-20, but after the announcement, I read that some crypto experts said that the implementers were just not very knowledgeable about cryptography. (I recall that they use harsher words.)

Nevertheless, at many companies, they use quite a number of FOSS programs (free and open source).
I heard that GitHub had a good open source repository (that you can contribute to). So, I searched and here is what I found:
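
The OpenSSH issue mentioned above is about how many password guesses one connection can make. As an added example (not part of this post, the thread, or OpenSSH itself), here is a small POSIX sh audit of an sshd_config for the settings that bound that: it assumes the usual hardening of turning off password and keyboard-interactive (challenge-response) authentication and keeping MaxAuthTries low. The keyword names and defaults (MaxAuthTries 6, PasswordAuthentication yes, ChallengeResponseAuthentication/KbdInteractiveAuthentication yes) are OpenSSH's; the two keyboard-interactive keywords are treated as aliases, the first value of a keyword wins as in sshd, and Match blocks are not handled.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenSSH: flag sshd_config settings
# that make per-connection password guessing cheap. Assumptions: OpenSSH keyword
# names and defaults; "first value wins" per keyword; no Match-block handling.

# sshd_opt FILE KEYWORD DEFAULT
# Print the effective value of KEYWORD (lower-cased) from FILE, or DEFAULT when
# the keyword is absent. Comments and blank lines are ignored; keywords are
# matched case-insensitively, as sshd does.
sshd_opt() {
    val=$(awk -v k="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# audit_sshd FILE
# Return 0 when the config limits online password guessing, 1 otherwise,
# printing one WARN line per weak setting.
audit_sshd() {
    f=$1
    status=0
    pw=$(sshd_opt "$f" PasswordAuthentication yes)
    cr=$(sshd_opt "$f" ChallengeResponseAuthentication yes)
    kbd=$(sshd_opt "$f" KbdInteractiveAuthentication "$cr")   # alias of the above
    tries=$(sshd_opt "$f" MaxAuthTries 6)
    if [ "$pw" = yes ]; then
        echo "WARN: PasswordAuthentication is on; prefer key-based auth only"
        status=1
    fi
    if [ "$kbd" = yes ]; then
        echo "WARN: keyboard-interactive (challenge-response) auth is on"
        status=1
    fi
    case $tries in
        ''|*[!0-9]*)
            echo "WARN: MaxAuthTries '$tries' is not a number"
            status=1 ;;
        *)
            if [ "$tries" -gt 3 ]; then
                echo "WARN: MaxAuthTries $tries; 3 or lower is typical hardening"
                status=1
            fi ;;
    esac
    return $status
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    audit_sshd "$1"
fi
```

Run it against the live file after every sshd change; a non-zero exit with no WARN lines means the file could not be read. Lowering MaxAuthTries only helps once the per-connection bypass itself is patched, so treat this as a companion to the update, not a substitute for it.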

25112 (Author) commented:
Very valid points. Thanks.
Just read this today:
Extremely severe bug leaves dizzying number of software and devices vulnerable
Since 2008, vulnerability has left apps and hardware open to remote hijacking.

The vulnerability was introduced in 2008 in GNU C Library, a collection of open source code that powers thousands of standalone applications and most distributions of Linux, ...
For many people running servers, patching will be a simple matter of downloading the update and installing it. But for other types of users, a fix may not be so easy. Some apps that were compiled with a vulnerable version of glibc will have to be recompiled with an updated version of the library, a process that will take time as users wait for fixes to become available from hardware manufacturers and app developers.
It remains unclear why or how glibc maintainers allowed a bug of this magnitude to be introduced into their code, remain undiscovered for seven years, and then go unfixed for seven months following its report. By Google's account, the bug was independently uncovered by at least two and possibly three separate groups who all worked to have it fixed. It wouldn't be surprising if over the years the vulnerability was uncovered by additional people and possibly exploited against unsuspecting targets.
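
The article quoted above makes a practical point: updating the glibc package does not fix processes that are already running, and statically linked programs do not pick up the new library at all. As an added example (not from the thread or the glibc project), here is a POSIX sh check for the first half of that: on Linux, a process that was started before the update keeps its mapping of the old libc inode, and /proc/PID/maps shows that mapping with a "(deleted)" suffix until the process is restarted. Statically linked binaries never map libc, so they will not appear here and need the recompile the article describes. The regex and the /proc layout are assumptions about typical Linux systems; the sample maps lines in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or glibc: after a libc update, find
# processes still running the old libc. Assumes Linux /proc/PID/maps and
# libc file names of the form libc-2.x.so or libc.so.6.

# stale_libc_in_maps MAPS_FILE
# Return 0 if the maps listing contains a libc mapping whose backing file has
# been deleted or replaced, 1 otherwise. The pattern requires "/libc" followed
# by an optional "-<version>" and ".so", so libcrypto and friends do not match.
stale_libc_in_maps() {
    grep -E '/libc(-[0-9.]+)?\.so[.0-9]* \(deleted\)$' "$1" >/dev/null 2>&1
}

# list_stale_libc_processes
# Print "PID COMM" for each live process still mapping the old libc.
# Needs enough privilege to read other users' /proc/PID/maps for a full view.
list_stale_libc_processes() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}
        pid=${pid%/maps}
        if stale_libc_in_maps "$m"; then
            comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Usage: sh stale_libc.sh --scan
if [ "${1:-}" = --scan ]; then
    list_stale_libc_processes
fi
```

Anything the scan prints is a process that will keep the old, vulnerable code until it is restarted, no matter what version the package manager reports. Run it as root after the update, restart or reboot as needed, and keep a separate inventory of statically linked binaries, since they are invisible to this check.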