Common misconceptions
There's a lot of advice floating around the privacy and security space, but how much of it is true? Watch out for these potential pitfalls when you're evaluating claims!
1. "Open-source software is always secure"
The myth that all open-source software is more secure than closed-source software stems from a number of assumptions, but whether the source code is available and how software is licensed does not inherently affect its security in any way. Open-source software has the potential to be more secure than proprietary software, but there is absolutely no guarantee this is the case. When you evaluate software, you should look at the reputation and security of each tool on an individual basis.
Open-source software can be audited by third parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, unless someone actually does so, there is no guarantee that the code has ever been evaluated, especially with smaller software projects. The open development process has also been exploited to introduce malicious code into trusted projects, in what are known as supply chain attacks.
One such notable supply chain attack came to light in March 2024, when a malicious maintainer who had spent years earning the project's trust added an obfuscated backdoor to xz (the xz-utils package and its liblzma library), a popular compression library. The malicious code was not visible in the public source tree: it was injected by build scripts shipped only in the release tarballs for versions 5.6.0 and 5.6.1, using payloads hidden in binary test files. The backdoor (CVE-2024-3094) was intended to give an unknown party remote code execution on Linux servers whose OpenSSH daemon loaded liblzma (on several distributions via libsystemd), but it was discovered before the affected versions had reached most stable distributions.
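As an added example (not part of the original page or of the xz project), here is the kind of quick host check an administrator would run for this incident. It assumes only two facts stated above: the backdoored releases were 5.6.0 and 5.6.1, and the payload only matters when the OpenSSH server process loads liblzma. The `xz --version` output used in the comments is a constructed sample.

```shell
#!/bin/sh
# Added example: host check for the xz-utils backdoor (CVE-2024-3094).
# Assumptions: affected releases are 5.6.0 and 5.6.1; the backdoor targets
# sshd only when liblzma is loaded into the sshd process (e.g. via libsystemd).

# Return 0 (true) if the given xz-utils version string is a backdoored release.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the version number from `xz --version` output. The first line looks
# like "xz (XZ Utils) 5.6.1" (constructed sample), so the last field of line 1
# is the version.
parse_xz_version() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Return 0 if the sshd binary, directly or through the libraries it pulls in,
# links liblzma. Optional argument: path to sshd (defaults to the one on PATH,
# then /usr/sbin/sshd). Returns 1 if sshd is missing or does not link liblzma.
sshd_links_liblzma() {
    sshd_path="${1:-$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)}"
    [ -x "$sshd_path" ] || return 1
    ldd "$sshd_path" 2>/dev/null | grep -q 'liblzma'
}

# Print a human-readable verdict for the current host.
check_host() {
    if command -v xz >/dev/null 2>&1; then
        ver=$(parse_xz_version "$(xz --version 2>/dev/null)")
        if xz_version_affected "$ver"; then
            echo "xz $ver: backdoored release (CVE-2024-3094), upgrade immediately"
        else
            echo "xz $ver: not one of the backdoored releases"
        fi
    else
        echo "xz not installed"
    fi
    if sshd_links_liblzma; then
        echo "sshd loads liblzma: this is the configuration the backdoor targets"
    else
        echo "sshd does not load liblzma (or sshd not found)"
    fi
}

# Run the check only when invoked as `sh xz_check.sh --run`, so the functions
# can also be sourced without side effects.
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

The version check alone is not a clean bill of health: a distribution may backport fixes without changing the version string, and the linkage check only tells you whether the backdoor's trigger condition exists, not whether the library itself is malicious. It is a triage step, to be followed by checking your distribution's advisory for the exact package builds affected.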
On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.
To avoid biased decisions, it's vital that you evaluate the privacy and security standards of the software you use.