Let’s say, I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other —, then just OSS). Am I going to be behind the competition by doing this?

If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank’s apps by publicizing it?

Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?

EDIT: Clarifying question: Is there a technical reason they don’t publicize their code or is it just purely corporate greed and nothing else?

  • jamesravey@lemmy.nopro.be
    link
    fedilink
    arrow-up
    20
    ·
    1 year ago

    There is also a lot of “security by obscurity” in the corporate/fintech world - “it’s open source so everyone can see the code which makes it less secure”. The inverse is often true thanks to Linus’s Law.

    • wisplike_sustainer@suppo.fi
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      The inverse is often true thanks to Linus’s Law.

      The article you linked seems to suggest that Linus’s Law is a mere suggestion, at best.

      No one is suggesting that open source is inherently less secure, just that the vulnerabilities are easier to find, and thus easier to get exploited. For a third party reviewer there’s a lot of incentive not to report bugs they would find in banking software.

      • jamesravey@lemmy.nopro.be
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        No one is suggesting that open source is inherently less secure

        Unfortunately, I’ve met a number of people who genuinely do believe this! The same demographic who don’t know how copy and paste works or take photos of stuff on their monitor instead of print-screening and tend to end up running large corporations even though they’re completely out of touch.