https://ulveon-thoughts-f210db.gitlab.io/tag/supply-chain-security/Recent content in Supply Chain Security on Ulveon's ThoughtsHugoen-IEWed, 03 Dec 2025 08:00:00 +0100https://ulveon-thoughts-f210db.gitlab.io/p/2025-12-03-the-secure-open-source-fallacy/Wed, 03 Dec 2025 08:00:00 +0100https://ulveon-thoughts-f210db.gitlab.io/p/2025-12-03-the-secure-open-source-fallacy/<p>Most open source advocates, and many security professionals, often say things like &ldquo;open source software is secure because you can just read the code&rdquo;.</p> <p>This argument assumes that the ability to read source code directly translates into the ability to understand, verify, and trust it, because you can see the files this software opens or the network sockets it listens on. You can see the kind of network data it sends, and the cryptography it uses.</p>