[SOLVED]Question on security of the open source model


#1

Hi.

I’m familiar with the concept that the open source nature of Bitwarden means that anyone can review and contribute to the code, making it less likely for significant errors to go un-noticed.

What I would like to know is what prevents someone from downloading the source code and injecting malicious items into it and uploading it back to the code repositories? Are there some checks and balances that prevent this happening, for example at the time of code compilation, or is every addition to the code reviewed prior to being accepted? Does Bitwarden have a team of developers that look at these issues?

Thanks.


#2

All code is manually reviewed before it is merged into the main repository.

It isn’t possible for someone (without those permissions) to just upload directly to the repository.


#3

Thanks for the reply.