On 15/2/22 3:48 am, Phil Smith III wrote:
> While clearly closed source is no more likely to be randomly secure than
> open source, the fact that the source is available for open source (by
> definition!) does perhaps change the equation a bit. The question I have
> ZERO data to answer is:

If a hacker has access to the binary, they essentially have the code.
For example, give me a Java JAR and I can use any number of Java
decompilers [1] (including my IDE) to recreate the source code verbatim.
Same for C#. C/C++ is not so easy, but yet again there are decompilers,
but you lose the original symbol/label names. Most hackers just fire up
a debugger and look at the assembly. Assembly code is a no-brainer.

Of course, code leaks are common. The entire Windows XP code base was
leaked. By that time it was old, but a huge number of customers,
including the military, were still using it. Now that a lot of companies
are all moving to Git, they had better make sure they have locked down
the repository host servers. And if they're using GitHub or another
cloud-based repository service, then fingers crossed it never gets
breached.

[1] https://github.com/deathmarine/Luyten

> Are more vulnerabilities found by attacking the executing code, or by
> examining the source and finding holes?
> I'd be unsurprised to find either that there is extensive research on this,
> or that nobody has analyzed it at all.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN