While source code is critical for user autonomy, it isn't required to evaluate software security or understand run-time behavior.

I find people who agree with me for the wrong reasons to be more problematic than people who simply disagree with me. After writing a lot about why free software is important, I needed to clarify that there are good and bad reasons for supporting it.

You can audit the security of proprietary software quite thoroughly; source code isn’t a necessary or sufficient precondition for a particular software implementation to be considered secure.

  • TheAnonymouseJoker@lemmy.ml
    01·
    3 years ago

    As an ex-pentester, I can assure you that having a blackbox security tools returning no findings is not a sign that the software is secure at all. Those may fail to spot a flawed logic leading to a disaster, for instance.

    I am tired of people acting like blackbox analysis is same as whitebox analysis. It is like all these people never studied software testing and software engineering properly, and want to do some commentary just because internet fame and the rest of the internet audience is dumber.