
06-21-2002, 08:14 PM
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
Open source, closed source - equally secure
http://news.com.com/2100-1001-938124.html
I know many of our readers are Linux fans and may even have a Linux-based PDA, so I thought this would be somewhat interesting. One of the comments I've heard about Linux and other open source software is that it is inherently more secure than closed source software simply because you have a bazillion eyeballs looking at the code and trying to make it more secure and stable. That may just be rhetoric though.
"Proprietary programs should mathematically be as secure as those developed under the open-source model, a Cambridge University researcher argued in a paper presented Thursday at a technical conference in Toulouse, France. In his paper, computer scientist Ross Anderson used an analysis that equates finding software bugs to testing programs for the mean time before failure, a measure of quality frequently used by manufacturers. Under the analysis, Anderson found that his ideal open-source programs were as secure as the closed-source programs. 'Other things being equal, we expect that open and closed systems will exhibit similar growth in reliability and in security assurance,' Anderson wrote in his paper."
Of course, this swings both ways. MS has long held that opening up Windows would compromise security and stability. Your thoughts?

06-21-2002, 08:17 PM
Intellectual
Join Date: Feb 2002
Posts: 134
I like open-source. I want to try Embedded Red Hat Linux. Has anyone else tried it?

06-21-2002, 08:22 PM
Intellectual
Join Date: Feb 2002
Posts: 134
I believe that the more popular an open-source program is, the more secure it becomes. I also think that the more popular a closed-source program is, the more likely people are to look for security holes and exploit them, therefore making it less secure the more popular it gets. Just my theory.

06-21-2002, 08:23 PM
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
Quote:
Originally Posted by Robotbeat
I believe that the more popular an open-source program is, the more secure it becomes. I also think that the more popular a closed-source program is, the more likely people are to look for security holes and exploit them, therefore making it less secure the more popular it gets. Just my theory.
|
Exactly what Linux proponents say, and it sounds good. It is exactly what this article refutes too.

06-21-2002, 08:28 PM
Intellectual
Join Date: Feb 2002
Posts: 134
Yeah, I also need to add something to my theory. The more popular a program becomes, the more people (both closed source and open) try to find security loopholes. If the program is a closed-source expensive one, then generally the more popular it gets, the more money that the company that makes the program can earn in order to hire more people to fix the program. This applies also to open-source projects as well, although not just certain ones as in closed-source.

06-21-2002, 08:31 PM
Intellectual
Join Date: Feb 2002
Posts: 134
Then again, this paper is not necessarily talking about reality, just what "mathematically" should be.

06-21-2002, 08:40 PM
Ponderer
Join Date: Feb 2002
Posts: 79
Fun to argue, but...
... like many things, the answers to this question are:
a) Always
b) Sometimes
c) It depends
I'm all for open source, but I'm glad my bank's software isn't.

06-21-2002, 08:47 PM
Intellectual
Join Date: Feb 2002
Posts: 134
How come?

06-21-2002, 08:54 PM
Intellectual
Join Date: Feb 2002
Posts: 134
Do you wear boxers or briefs?
A) Boxers
B) Briefs
C) Depends
:lol:

06-22-2002, 04:36 AM
Thinker
Join Date: Feb 2002
Posts: 384
Open door security
One would think that security would be better served by secrecy.
In practice, secrecy promotes hiding defects. When managers aren't concerned about defect exposure, they are far less concerned about potential defects.
Microsoft is obsessed with releasing lots of features ASAP. Be damned with quality or security.
Open source promotes quality through external scrutiny. It's far harder to hide your STUPID little secrets and pathetically dumb code when everyone can read it. Real programmers aren't afraid to have their work scrutinized. In many cases they've actually done it themselves before it's published ;-)
An open door policy will consistently produce higher quality results. One must program under the assumption that it will be scrutinized. Otherwise, one can get overly smug about work completed but done poorly.