Wednesday, September 21, 2005

Open Source Security: Still a Myth

"Outside the open source community, the notion that open source is good for security--particularly when developers are diligent--often meets with extreme skepticism. In fact, many people worry that exactly the opposite may be true: that open source software may tend to be less secure. One can certainly make a reasonable claim."

Something that worries me at times.
Consider the following:
"All in all, in some cases open source may have more eyeballs on it. Are those eyeballs looking for security problems, though? Are they doing it in a structured way? Do they have any compelling incentive? Do they have a reason to focus dozens or hundreds of hours on the problem to approach the level of effort generally given to a commercial audit? The answer to all of these questions is usually no. A good deal of software doesn't get examined for security at all, open source or not. When it does, commercial software tends to receive much more qualified attention."

For more, read the article.
