Argument: Is open source software secure enough ?

I’ve heard this argument by many microsoft/closed source technology evangelist that Open Source softwares are not secure enough.

And any one can easily find the flaw in the software and use it for his benefit.

This week there was an argument on slashdot about the same.

According to the Linus’s Law, “given enough eyeballs, all bugs are shallow”. More formally: “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.” — this rule was formulated by ESR (Eric S. Raymond).

Open Source due to its very own nature of revealing all catches attention of all users/hackers/programmers across the world using that software. (Pls Note: Hackers always have good intentions.)

The source code is validated by many learned people and if any flaw is found it is quickly reported and fixed.
If a certain OSS is subject to vulnerability continuously then it looses its charm and people quickly migrate to more secure alternatives.
(For example: Most of the new installations of mail servers are based on qmail/postfix rather than Sendmail)

In case of closed source (for e.g. windows) it takes long time to report flaw and much longer to fix it.

I dont hate microsoft, infact i use windows XP for most of my day job and happy with it. But I feel much flexibility with my linux. Most importantly if something is going wrong I know where to check and what could be the reasons. (syslogs are also great friend)

But talking about security NO OSS is less secure than any closed source software just because it is open in nature or for that matter any other reason.

Lots of learned independent developers/testers/reviewers have gone through the codes/designs/outcomes of the OSS and have contributed to the security threats/bugs/potential problems.

Collective intelligence (worldwide) is always superior to a closed group of people.

As someone suggested it is easy to experience than arguing over this.

Best is to deploy for yourself and run weekly penetrative testing to see the possible results.

There is no security from stupid actions of users/administrators, however assuming security by obfuscation/closed source is nothing but stupidity.

I’ve been personally using OSS for years now and absolutely happy with the way it has helped me in learning things.

Collective intelligence (worldwide) is always superior to closed group of people !

1 comment to Argument: Is open source software secure enough ?

  • I realize we think much alike… I use windows as my desktop PC and i can’t live without my Debian server. About the argument that closed source is more secure i will say what is said in cryptography “don’t rely on hiding the algorithm. rely on the randomness of the internal state of it.”. I think that something is secure when everybody has a chance to take a look at the code and all agree there is no major flaw. and if the argument that closed source is more secure than opensource think about how many opensource major programs/platforms we have and how many serious flaws they have… i think they are too few compared to closed source…

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>