Open Source Security: Still a Myth
Subject:   Fair point if a little fearful of open source
Date:   2004-09-17 19:42:01
From:   cardiofile
The main point of this article is fair: just because software has its source code open doesn't necessarily imply that it has better security than a closed source application.

True enough. However, I don't believe that there is anything about open source that inherently disadvantages software from a security point of view. Proprietary software is at a disadvantage from the point of view that it is more difficult for a buyer to assess how secure a product is (independent third parties can't audit source code).

Current practice may well be more of an indication of a lack of understanding of security issues in the wider software community (proprietary and open source) than it is specifically to open source.

If an organisation wishes to use an open source product and they are concerned about security, doesn't it make sense to employ people to audit the source code (contribute to a code auditing project)?

Perhaps the open source community needs to establish more groups (I know of a few) to perform security audits; if third party audits are so important to security then open source seems to me to be in a much better position due to the free availability of source code to enable this than proprietary code.

And as a final point, commercial is not mutually exclusive to open source, there's no reason why a commercial organisation can't contribute to FOSS development (e.g. Sun, IBM etc.).