
Re: Is Open Source software really more secure?



On Sun, 8 Oct 2000, Bud Rogers wrote:

> I've always taken for granted the idea that open source was inherently more 
> secure because it's open to peer review.  Linus said "Given enough eyes, all 
> bugs are shallow."  But has anyone ever done a serious study on the subject?
> I've seen plenty of emotional arguments and anecdotal evidence, but nothing
> that I would consider hard evidence.  
> 
> I'm doing a paper on this topic for a graduate level class in Information 
> Assurance Management.  I'm looking for background material for my paper.  I 
> would appreciate any pointers, urls, etc.
> 

I wouldn't say that open source is guaranteed more secure, since there
is no guarantee that the code has been audited.  However, the
POTENTIAL to be more secure is there, because it CAN be audited by
anyone.  There is no way closed source can be audited by an
independent group, because, well, it's closed.  (by independent, I
mean a group / person that can choose on their own to review the code,
over which the original author has no say).

On average, I would guess it is more secure, because so many
projects have so many eyes looking at it, but I don't have any
statistics.


jeff
Thought for today:  stoppage /sto'p*j/ n. 

 Extreme lossage that renders
   something (usually something vital) completely unusable.  "The
   recent system stoppage was caused by a fried
   transformer."




