Does open sourcing a security framework lead to more secure software?

Red Hat recently open sourced the Red Hat Certificate System, software for managing user identities and privacy on a network. However, does open sourcing security software make it more secure, or does opening the code lead to vulnerabilities?

An excerpt from Washington Post:

The Linux vendor said Wednesday it has released the entire source code for the Red Hat Certificate System, its security framework for managing user identities and transactions on a network. Red Hat acquired the system from AOL three years ago, but only parts of the system, which uses the Apache Web server and the Red Hat Directory Server, were open source.

There are several benefits in opening up the code, chief among them being the integration with open standards-based technologies. But open source also has this meta-hole problem mentioned by Dana Blankenhorn at ZDNet.

This implies that it all comes down to the individuals assessing the code. But does the community of open-source developers top the scrutinizing efforts of those seeking to exploit the holes that are inherent in software?

The present Red Hat Certificate System will be part of the FreeIPA project for central management and provisioning of machines and services.

Do you think open sourcing security code is a security risk?