Ask HN: Is open source code really more secure?

1 point

11 years ago

I was reading [this article about NSA and security](http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html) and they say (I quote, so you can `CTRL + F` it) "Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed".

And I was wondering: is that really true? While it is true that anyone can see and audit the code posted on a public github repo, is there anyone who really does it? If an NSA dev' would insert malicious lines of code in, say, OpenSSL, how much time would it be until someone notices and the word spreads out? From what I understand, OpenSSL's code is extremely complicated and there mustn't be more than a handful of people able to understand it all.