this post was submitted on 17 Nov 2023
45 points (100.0% liked)

Free and Open Source Software

17943 readers
37 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Let's say, I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other —, then just OSS). Am I going to be behind the competition by doing this?

If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank's apps by publicizing it?

Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?

EDIT: Clarifying question: Is there a technical reason they don't publicize their code or is it just purely corporate greed and nothing else?

you are viewing a single comment's thread
view the rest of the comments
[–] melmi@lemmy.blahaj.zone 33 points 1 year ago* (last edited 1 year ago) (4 children)

What incentive would a bank have to release their apps as FOSS?

You probably could create an open source banking app and use it to run a bank on a primarily open source software stack. But banks are not software companies, and they have no reason to engage with the FOSS world. We could think up lots of potential reasons for why a bank might not want to release their apps as FOSS, but the simplest answer is "why would they?"

I'd love to live in a world where free software is the norm, but we're not in that world. So if the bank has no incentive to do it other than the comparatively niche interests of the FOSS community, they just won't do it.

[–] jamesravey@lemmy.nopro.be 23 points 1 year ago (2 children)

There is also a lot of "security by obscurity" in the corporate/fintech world - "it's open source so everyone can see the code which makes it less secure". The inverse is often true thanks to Linus's Law.

[–] wisplike_sustainer@suppo.fi 2 points 1 year ago (1 children)

The inverse is often true thanks to Linus’s Law.

The article you linked seems to suggest that Linus's Law is a mere suggestion, at best.

No one is suggesting that open source is inherently less secure, just that the vulnerabilities are easier to find, and thus easier to get exploited. For a third party reviewer there's a lot of incentive not to report bugs they would find in banking software.

[–] jamesravey@lemmy.nopro.be 8 points 1 year ago

No one is suggesting that open source is inherently less secure

Unfortunately, I've met a number of people who genuinely do believe this! The same demographic who don't know how copy and paste works or take photos of stuff on their monitor instead of print-screening and tend to end up running large corporations even though they're completely out of touch.

load more comments (1 replies)