Comment by fsflover

4 years ago

> It could be argued that distributed FOSS developers are easier to pressurise into adding back doors

All millions of them at the same time?

Of course not.

You'd only need a few important ones, and all you'd have to do is compromise them in one way or another. This can be done via coercion, via money, or by physically or virtually breaking into their system(s).

For example, if money can be an incentive, you can stimulate a FOSS dev to add a NOBUS vulnerability in code. Also, since all the code is public, organizations like the NSA can do in-house fuzzing, keeping the findings to themselves.

  • And any other researcher can fuzz the code themselves too and make their findings public.

  • This is what happened with TrueCrypt. After that, the fork VeraCrypt was created, because you can never coerce everyone in the world.

    Independent audits should help against backdoors. Again, the FLOSS nature of software and huge number of developers are essential here.

But the nature of FOSS software is such that if an undesirable feature is added it can be taken out by the user or the project can be forked.