Open source means no negative issues?

Is open source generally safe and more sound, in terms of practical tools/apps from online?

If so, what would be the top 1 or 2 websites that give the source of all available good open source tools/apps?
Top Expert 2013
Commented:
It really depends on the project. If it's a large project like VLC or Android where you have a lot of people looking at the code, it will most likely be very safe and sound. If it's some little side project managed by a small handful of people, it might be very unsafe.

Open source projects are not likely to have much actual malicious code, because everyone can see who added what, so you're much less likely to get malware or viruses directly. But there could easily be security holes, and attackers can find the holes pretty easily since the code is just out there.

There is no single website for finding open source projects (other than perhaps Google search). There may be for specific types of applications. Wikipedia often has lists of open source projects for any specific type of application.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
It's also highly debatable. Open source means anyone can look at the code and find problems to exploit. Of course, anyone can look at the code and find problems to alert the developers about... so is it safer to have everything in the open? Or is it safer to make things more difficult for unauthorized people to view?
Top Expert 2016
Commented:
SourceForge has been purchased, and the new purchasers have discontinued the unwanted programs that their installer was using.

Closed source means that you have to trust the manufacturer and you decide by their reputation.
Open source means that many eyes look at the source. It doesn't necessarily mean that they have closed all of the holes. OpenSSL has had problems for years that no one noticed. It also doesn't follow that any program has passed a security review. Again, you have to take into account the reputation of the group that is involved in the project.
As someone responsible for maintaining a bunch of endpoints, I prefer tried and true licensed and purchased software. You get what you pay for in terms of software assurance and support. If you use a bunch of free stuff, you can pretty much count on figuring it all out yourself and trying to cobble together a complete solution. Every time we see a client try to go the "free" route it actually creates more hassle. I'm sure further posts will disagree with my view, but if you don't have hours to spend on creating your own wheel, buy it.
Did you hear of the OpenSSH Linux bug?
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period.
http://thehackernews.com/2015/07/openssh-password-cracking.html

Of course hindsight is 20/20, but after the announcement, I read that some crypto experts said that the implementers were just not very knowledgeable about cryptography. (I recall that they used harsher words.)

Nevertheless, at many companies, they use quite a number of FOSS programs (free and open source).
I heard that GitHub had a good open source repository (that you can contribute to). So, I searched and here is what I found:
https://github.com/search?utf8=%E2%9C%93&q=open+source

Author Commented:
Valid points. Thanks.
Just read this today:
Extremely severe bug leaves dizzying number of software and devices vulnerable
Since 2008, vulnerability has left apps and hardware open to remote hijacking.

The vulnerability was introduced in 2008 in GNU C Library, a collection of open source code that powers thousands of standalone applications and most distributions of Linux, ...
...
For many people running servers, patching will be a simple matter of downloading the update and installing it. But for other types of users, a fix may not be so easy. Some apps that were compiled with a vulnerable version of glibc will have to be recompiled with an updated version of the library, a process that will take time as users wait for fixes to become available from hardware manufacturers and app developers.
...
It remains unclear why or how glibc maintainers allowed a bug of this magnitude to be introduced into their code, remain undiscovered for seven years, and then go unfixed for seven months following its report. By Google's account, the bug was independently uncovered by at least two and possibly three separate groups who all worked to have it fixed. It wouldn't be surprising if over the years the vulnerability was uncovered by additional people and possibly exploited against unsuspecting targets.
http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/