Comment by CapsAdmin

19 hours ago

I'd say it's objectively true to say that open source software is easier to audit compared to closed source software, which you can extrapolate to mean that it's less prone to malicious code injection.

It's not perfect, but surely it's easier to audit for malicious code than closed source.

Also, there is no shortage of volunteers looking out for code changes in established open source software. I think it's fair to exclude software that is very new and/or that has no users, which may be closer to equal footing with proprietary software.

Even for established proprietary software, you get volunteers watching out for changes in releases, though far fewer than for open source, and more reserved for people who know reverse engineering.

I think there's no question that auditing open-source software is easier, but it can be harmful if auditing actually basically never happens yet people wrongly believe that all the open-source software they're installing must be audited. At that point it's not any better than relying on the fact that technically someone could disassemble binaries to try and inspect them without worrying too much about whether that happened.