Slashdot Mirror


Confidence Shaken In Open Source Security Idealism

iONiUM writes: According to a few news articles, the general public has taken notice of all the recent security breaches in open source software. From the article: "Hackers have shaken the free-software movement that once symbolized the Web's idealism. Several high-profile attacks in recent months exploited security flaws found in the "open-source" software created by volunteers collaborating online, building off each other's work."

While it's true that open source means you can review the actual code to ensure there's no data-theft, loggers, or glaring security holes, that idealism doesn't really help out most people who simply don't have time, or the knowledge, to do it. As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?

5 of 265 comments

  1. perfect timing. by gandhi_2 · · Score: 5, Interesting

    Amazing this article is posted on the same day as 3 0-days for MS products.
    One of which has been known for over a month, and will soon have a logo.

  2. Open Source is More Easily Auditable by Bob9113 · · Score: 5, Interesting

    As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?

    Yes, it really is so different. Open Source provides an additional avenue for security auditing. With closed source software, any auditing body must be authorized to view the source code by the owner of the software. With Open Source, anyone can audit it. That does not mean that anyone has audited it, but being able to do so without having to contact the software distributor and get their permission is a substantial difference.

    If you want highly secure software, you have to verify that one or more trusted third parties have audited the code. You can't skip that step with either kind of software, it's just easier to get it done with Open Source.

  3. Re:Cart before the horse. by Cabriel · · Score: 4, Interesting

    Not so. When there are articles about governmental offices switching whole-hog to open source software, that shows immediately that there is an awareness among the general public. When there is an article about one minister claiming open source software isn't working for his office and another minister countering that claim saying no one in the office has had an issue, there's a strong suggestion that there is an awareness of open source software. When an open source OS is advertised as being superior to a closed source competitor, there's absolutely going to be an awareness of open source and free software (Android vs iOS).

    While this may still be professional click-bait, I think calling it trolling is, itself, putting the cart before the horse.

  4. Re:Cart before the horse. by pixelpusher220 · · Score: 4, Interesting

    And let's also remember that corporate software has so many, many bugs and vulnerabilities that they had to schedule a MONTHLY day to fix them. Only to find yet more bugs so critically important that they broke their own rules well more than 2 times to release out-of-cycle fixes.

    OS will almost always beat corporate in terms of defects and response time. Anyone care to guess how many 'heartbleeds' currently exist in Windows code that we know nothing about?

    --
    People in cars cause accidents....accidents in cars cause people :-D

  5. Re:Cart before the horse. by udippel · · Score: 5, Interesting

    You can't. But that's not the point at all.
    But in one case one could, if only one wanted to, check the code quality and apply a patch; in the other case this door is totally shut. The first alternative is light-years ahead of the second, irrespective of the field, because it leaves you the freedom of choice. Be it contributing to retirement benefits or investing your money at your own discretion, the decision to smoke certain substances or not, choice always has a connotation of freedom. The same choice that one has to buy this operating system or that one.
    Once you decide for closed source, you are
    1. totally dependent on the manufacturer
    2. without a chance to check yourself
    3. unable to analyze if the manufacturer has inserted some malicious code like a trapdoor, eventually on purpose
    Now, where would the advantage be in using a closed-source system?