Denote source availability for recommended tools

Not open source specifically, but source availability does have a measurable impact on the security posture of a product or a service.

This is one reason why Apple has opened up access to iOS for security researchers. If I am not wrong, Whitebox security audits also require sharing code.

Being open source is kind of like an open invitation for folks to test away, which is markedly better than any equivalently popular proprietary software / service. Sometimes, even reverse engineering or emulating closed source software / service can be subject to lawsuits (see: Corellium v Apple).

And when you consider build-time defences for software security, things like reproducible builds / dependency pinning / software bill of materials, open source (source availability) has that inherent edge.

I run a couple of open source projects and have had security reports submitted to us which otherwise wouldn't have come through if the code wasn't readily available.