12/24/2022

F secure safe free

I'm not convinced that commercial closed-source software is likely to have better security practices simply because they're a commercial operation. Most reputable projects, open source or closed, aim for this. I think ultimately the security practices are more important than the means of distribution: a program that's been designed with security in mind from the start, with a robust code review and auditing system applied throughout, and proper channels for disclosures/bug bounties is the best we can hope for. You can take examples from either side: there are plenty of times "obvious flaws" have been found in both open and closed-source software, sometimes quietly disclosed and fixed, other times exploited in the wild. Whether that is a benefit or a detriment seems to depend on who you ask… Open sourcing makes this process somewhat easier for both black and white hats. Ultimately an actor, good or bad, is still perfectly able to find and exploit weaknesses in closed source software via various methods (fuzzing, reverse engineering binaries, etc). It's an interesting and unresolved point regarding open source security. Possibly an important distinction for something that holds ALL your passwords, credit-cards,

Yeah if the free version of Bitwarden doesn't meet your needs that's fair enough. Those 2 guys were doing their best (and an awesome job too) in their spare time, but vulnerabilities crept in nonetheless.

A commercial product doesn't guarantee there won't be similar issues but at least they are on the hook and they pay their programmers so it's expected that they will have some form of auditing done, and the code can't be inspected by people you don't want looking. There were some severe code deficiencies for many years simply because no-one looked/audited.
We all saw last year the sh!tstorm that happened with openssl being maintained by only 2 ppl, but used by hundreds of thousands of applications/organisations. The other potential issue with BW is that although it's open source, meaning the code can be audited - that doesn't mean that it is - but it can also be checked for flaws/vulnerabilities by bad actors and then exploited.

A mate looked into BW last year but it was missing 1 or 2 key things we both wanted/needed, can't recall what they all were though except that the families option/shared vaults (which I use extensively) is not free - US$40/yr - so almost the same cost as 1password (actually more, if you use the discount link I posted earlier).

Again, it will improve over time and may have those other things soon.