bigc73542
March 4th, 2004, 08:40 PM
Link to story: http://www.theregister.co.uk/2004/03/05/does_open_source_software_enhance/
-{ Quote: "Does open source software enhance security?
By Thomas C Greene in Washington
Published Friday 5th March 2004 10:15 GMT
Analysis There are several reasons why open-source software provides for superior computer and network security, but the computing public seems confused about why this is so.
Many attribute the security advantage to the very fact of openness. It's long been popular to cite the "many eyes" theory, which holds that flaws are discovered and fixed because selfless programmers spend countless hours carefully combing through the source code and alerting the development teams. In this way, we're told, the mere fact that source code is available leads to enhanced security.
Wishful thinking
Actually, the people most likely to spend hour after hour reviewing source code are blackhats looking for a novel exploit. Code review is hardly the only way to attack, but it is obviously more difficult with closed-source software. Some attacks against closed-source systems have been discovered through reverse engineering, a tedious and not entirely dependable process; but reversing is difficult, and only a minority of attackers are capable of it. Having the source code at one's disposal is a convenience.
Security through obscurity can work to a point...
.
.
." }-
-{ Quote: "Does open source software enhance security?
By Thomas C Greene in Washington
Published Friday 5th March 2004 10:15 GMT
Analysis There are several reasons why open-source software provides for superior computer and network security, but the computing public seems confused about why this is so.
Many attribute the security advantage to the very fact of openness. It's long been popular to cite the "many eyes" theory, which holds that flaws are discovered and fixed because selfless programmers spend countless hours carefully combing through the source code and alerting the development teams. In this way, we're told, the mere fact that source code is available leads to enhanced security.
Wishful thinking
Actually, the people most likely to spend hour after hour reviewing source code are blackhats looking for a novel exploit. Code review is hardly the only way to attack, but it is obviously more difficult with closed-source software. Some attacks against closed-source systems have been discovered through reverse engineering, a tedious and not entirely dependable process; but reversing is difficult, and only a minority of attackers are capable of it. Having the source code at one's disposal is a convenience.
Security through obscurity can work to a point...
.
.
." }-