> I know that people claim that open source is more secure because anyone can audit it, but I wonder how closely its security is actually interrogated. Seems like it could be a massive instance of the bystander effect.
It depends on the software. Something widely used and critical to people who are willing to put resources in is a lot more likely to be audited. Something that can be audited has got to be better than something that cannot be.
> All of it gives me a bias towards using official sources from companies like Apple and Google, who presumably hire the talent and institute the processes to do things right.
I am not entirely convinced about that, given the number of instances we have of well-funded companies not doing it right.
> You know anyone who cares has already taken shots at Android and iOS, and they're still standing.
There has been quite a lot of mobile malware and security issues, and malicious apps in app stores. Being more locked down eliminates some things (e.g. phishing to install malware) but they are far from perfect.