Open Source More Secure?

June 14th, 2006: Antivirus vendor Trend Micro has added its voice to the open vs closed source security debate, saying that open-source software is by default more secure than proprietary code due to the variety of distributions.

Trend Micro claims that it is the many flavours of Linux distributions that give it the security edge. Even though they all use the same kernel, a piece of malicious code written for one distribution will not work for another.

“Open source is more secure. Period,” Raimund Genes, chief technical officer for anti-malware at Trend, told ZDNet. “More people control the codebase, they can react immediately to vulnerabilities, and open source doesn't have so much of a problem with legacy code because of the number of distributions.”

This view is more or less shared by Red Hat’s security response team lead Mark Cox, who agrees that Linux is less susceptible to critical vulnerabilities.

“Ten years ago, Apache was designed to address buffer overflows, and has been successful,” says Cox. “It's harder to write a worm for Linux because there haven't been that many critical vulnerabilities found, and even those are harder to exploit because of the diversity.”

Genes also says that because issues are openly discussed within the community, response time to exposed vulnerabilities is immediate.

Because its code is open and freely available, open-source software is seen as vulnerable by those who believe secrecy equals security. DevX’s executive editor A. Russell Jones sums this argument up, saying that “the open-source model, which lets anyone modify source code and sell or distribute the results, virtually guarantees that someone, somewhere, will insert malicious code into the source.”

On the other side of the debate, champions of open source say that its openness is exactly what makes it secure. Because malware writers have access to the source, security has to be written to take this ‘worst-case scenario’ into account. “Starting from worst-case assumptions is just plain common sense. Any other security plan is simply madness,” says Mark Stone, Director of Product Development for ManyOne Networks. “Open Source software inherently takes this approach to security.”

The debate has been running for years, but it has been heating up of late as open-source solutions become increasingly attractive to businesses and governments.
