Security of Open vs. Closed Source Software
morhoj writes "Cambridge University researcher Ross Anderson just released a paper concluding that open source and closed source software are equally secure. Can't find a copy of the paper online yet, but I thought this would make for an interesting morning conversation. You may not agree with him, but anyone who's on the BugTraq List can tell you that open source software isn't as bug free as we would all like to think." I found Anderson's paper, so read it for yourself. There are some other interesting papers being presented at the conference as well.
A few quick quotes from the paper:
Other things being equal, we expect that open and closed systems will exhibit similar growth in reliability and in security assurance.
Even though open and closed systems are equally secure in an ideal world, the world is not ideal, and is often adversarial.
The problem is that in an ideal world, there would be almost no bugs anyway. It completely overlooks some of the factors in proprietary software that cause the bugs. Items such as deadlines for a product can actually encourage sloppy programming (Compare Mozilla 1.0 with Netscape or IE's early releases).
One poster on ZDNet said it best: "In theory, there is no difference between theory and practice. In practice, there is."
I lost count of how many times M$FT has argued that this is not true.