Is it known to be free from arbitrary code execution vulns? Or is it known to also contain ACEs? What's the relevance to the post?
Godot has a known issue where the built-in deserialization can lead to arbitrary code execution. E.g. a save file could be modified to execute any script when it's deserialized.
Well, the code base is surely orders of magnitude smaller (there are several legacy UI systems, network systems, etc. in Unity) which means far fewer security problems. And while we can debate the advantages of open source, in my opinion the development model is obviously more secure compared to closed proprietary.
A quick look shows not much has been found CVE-wise with Godot, and not anything on the 4.x version of the engine. There is an interesting case of it being used to build a malware loader.
I've actually been playing with it a bit recently and have had a couple mysterious crashes in their IDE. It's likely ripe fruit for a curious security researcher.
It's opensource, so people would likely have caught this issue. It's opensource, so they can't just make some foolish, arbitrary licensing change to extort money from customers. It's opensource, so it is going to be a better engine in the long run.
Unity had a niche, their greedy execs killed that and Godot is one of the beneficiaries of that.
"It's opensource, so people would likely have caught this issue." Lol, practically every CVE is on code you can read.
"It's opensource, so it is going to be a better engine in the long run." Citation needed.
> "practically every CVE is on code you can read."
This is probably true due to a sort of survivorship bias. Code you can read is much easier to analyze and test and report. Closed source internal code has a lot of security by obscurity built into it. Not to dismiss security by obscurity, I am sure it keeps an absolutely frightening amount of code safe.