Ofcourse can there be security bugs in Open Source. Which can be exploited by the NSA and others. But such bugs are far less common then in Closed Source.
Open Source in itself doesn't promise security, but it _is_ a _requirement_ for security!
No Open Source (including in hardware)? No security.
Any program (OS) running on a TC chip? No security. (en.wikipedia.org/wiki/Trusted_Computing)
Also: if it is Open Source, it is not possible to hide backdoors and security flawed programming. Since everybody can see the code, the criminal putting the malware in the code, always will be found. And thus, there are no deliberate security errors in Open Source. Also, because everybody can see the code, it forces the programmers to code neatly (otherwise, they will get a lot of bad comments). Closed Source programmers can mess around as much as they want - as long as the program works. Nobody can see their mess.
PS: the button 'create an account' doesn't work... Hence, there will be 'Anonymous Coward' above my post.
Slashdot Mirror
Ofcourse can there be security bugs in Open Source. Which can be exploited by the NSA and others. But such bugs are far less common then in Closed Source. Open Source in itself doesn't promise security, but it _is_ a _requirement_ for security! No Open Source (including in hardware)? No security. Any program (OS) running on a TC chip? No security. (en.wikipedia.org/wiki/Trusted_Computing) Also: if it is Open Source, it is not possible to hide backdoors and security flawed programming. Since everybody can see the code, the criminal putting the malware in the code, always will be found. And thus, there are no deliberate security errors in Open Source. Also, because everybody can see the code, it forces the programmers to code neatly (otherwise, they will get a lot of bad comments). Closed Source programmers can mess around as much as they want - as long as the program works. Nobody can see their mess. PS: the button 'create an account' doesn't work... Hence, there will be 'Anonymous Coward' above my post.