

Is open source software more secure?

By debate
Do you agree with Jonathan Yarden that open source software is generally more secure than commercial software? If so, do you think commercial software will ever be as secure as open source? Share your comments about whether open source software is more secure than commercial software, as discussed in the Jan. 24 Internet Security Focus newsletter.


This conversation is currently closed to new comments.


All Comments



by secure_lockdown In reply to Is open source software m ...

Open source is more secure at the moment. The apps don't interact as closely with the OS and there is better ACL management.


Is More Secure Enough?

by Praetorpal In reply to Is open source software m ...

Generally, the answer is yes, but more secure may not actually be secure enough. While it is now known that Windows boxes can be owned in a matter of minutes, the average Linux box may be rooted in an hour or so by an expert.

I think that there are a lot of sources that have answered the question already. The "many eyes make safe software" debate, the fact that Linux was created for networking and Windows networking is an extension of a desktop product that has left many vulnerabilities and so on, has been chewed over numerous times.

This simple question is very vague, and I am writing this before I have received the newsletter, so I am not sure of the article content.

One visible problem with the question is that it equates closed source with commercial software, which does not take into account hybrid products that leverage open source in some way, but add a proprietary product that they charge for. That is fine; if the customer approves of the added value and thinks it is worth the price (i.e., it makes life easier or saves him time/money) and chooses to purchase, then everyone is happy.

Our company is an example. We are about to release an advanced security product and we plan to open source the base module, but the administrative tools will be commercial.

The most important variable possibly not mentioned is the human factor. Competent IT people can make any system fairly secure, if they are willing to put up the resources, and incompetent ones can eliminate an inherent built-in advantage pretty quickly.

That is why a product such as ours is important. It takes human error out of the picture. How fuzzy will this debate get if one uses commercial software to convert an open source system into a trusted operating system?


Secure like a Canadian

by Roger99a In reply to Is open source software m ...

I still think open source is more secure because nobody is attacking it yet.

I particularly like the statement the author made about "seeing the code". I'm sure he hasn't seen Microsoft's code, or Novell's code. What's he comparing it to?


Respectfully disagree

by Sycorax In reply to Is open source software m ...

The only secure computer is disconnected, turned off and locked up in a vault that can't be opened.

I think both commercial software & open source have the same chances at security, the reason is that security depends on how the technology is operated.

I think most vendors are doing a great job at tracking & fixing vulnerabilities as they are found, it's up to administrators/operators/users to leverage that effort.


Great point!

by dafe2 In reply to Respectfully disagree

Actually that's a great observation. As far as MS software goes this works against them - The OS is not secure in its default setup, it's deceptively 'simple'.

It takes some 'effort' to secure a default install, something most users & even some admins won't bother with once the system 'works'.

It's funny sometimes, to hear how many third party tools get thrown on desktops to 'solve problems'... time and again users are surprised to find that some of the tools they just bought were already available to them had they bothered to look.



by Two_Cats In reply to Is open source software m ...

Once again, Jonathan Yarden offers an opinion highly colored by his Unix background. The only statement he made with which I fully agree is that all software has bugs. Jonathan seems to have missed out on some important aspects which must be analyzed in order to answer a question like this. For instance, the size of a software target is a primary motivating factor for "intruders" in choosing which product to analyze and attack. The plain truth is that the vast majority of "intruders" decide to attack a product based on widespread usage, and not so much whether it is more or less secure. Another primary factor is the assessed value of the target(s) to the "intruder", which isn't always monetary. The determination of the relative security strengths of commercial and open source software products is a complex process with complex issues. What is secure for one group of users may not be secure for another group. This question can't be answered with such vague generalizations, and I certainly wouldn't take Mr. Yarden's colored opinion on the matter.


Open Source may be more secure, but more functional?

by gradofcomputers2001 In reply to Is open source software m ...

I recently heard about the open source trend and I value the fact that open source is highly secure and reliable.

However, if I list an alternative open source software on my resume that I am proficient at, the marketing managers hiring me won't care. They require me to know Microsoft Office, period.

Although open source might be a great idea, the corporate world needs everyone to be on the same page using the same software, especially when it comes to marketing people.

I have looked at an alternative to Microsoft Word, and while it was similar, it was still quite different in other areas. It did not even have a drawing toolbar, a big drawback.

So, while open source may be more reliable and secure, the big software companies still have the competitive advantage as far as functionality and the fact that the whole of corporate America has standardized software that they expect employees to know, not some no-name open source software program that the industry doesn't use. I am stuck between a rock and a hard place!


Am I alone?

by jdmercha In reply to Is open source software m ...

If the source code is published, wouldn't that make the software more insecure?

How difficult would it be for a hacker to modify the code and redistribute it, even claiming that it is someone else's distribution?


Yes you are!!

by Adonix In reply to Am I alone?

A very thoughtful quote I read before about open source code:

"just because you have a map of the layout of the security of Fort Knox doesn't mean you will be able to easily breach its security"

Misleading Quote

by jdmercha In reply to Yes you are!!

If I had the resources to break into Fort Knox, having a map would make it much easier.
