So with open source software more on my mind lately I was wondering - while I get the benefits of transparency and such, how safe is it? If the source code is available to all, isn’t it easier to breach for people (like the recent cookies hack)? If I’d have an open source password manager, would it be easier for people to get my passwords somehow than if I use something not open source? Do I just not understand how software works in general?
And what are other benefits that may be not so obvious to someone not so knowledgable about this?
Edit: thank you all for really insightful answers! Among other things I also learned just how much I don’t know :)
Like most things, it’s about balance. All changes to open source software must be approved by the community managing it, and if that community is lazy or poorly managed or simply too busy then there’s an opportunity for new vulnerabilities to be created, either accidentally or maliciously.
But for well managed software, as other people have said you can get more changes more frequently, more security as many people are evaluating the code base, and greater attention to what users want rather than what’s profitable. Whereas with closed source software there is a greater focus on profitability, and sometimes that leaves vulnerabilities open when development is rushed and/or vulnerabilities are not seen as important enough to justify the cost to fix, but sometimes that tendancy towards profitability can also ensure the product stays a market leader. Steam may be a good example of a good closed source product.