Slashdot Mirror


Confidence Shaken In Open Source Security Idealism

iONiUM writes: According to a few news articles, the general public has taken notice of all the recent security breaches in open source software. From the article: "Hackers have shaken the free-software movement that once symbolized the Web's idealism. Several high-profile attacks in recent months exploited security flaws found in the "open-source" software created by volunteers collaborating online, building off each other's work."

While it's true that open source means you can review the actual code to ensure there's no data-theft, loggers, or glaring security holes, that idealism doesn't really help out most people who simply don't have time, or the knowledge, to do it. As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?


  1. perfect timing. by gandhi_2 · Score: 5, Interesting

    amazing this article is posted on the same day as 3 0days for MS products.
    one of which has been known for over a month, and will soon have a logo.

  2. Open Source is More Easily Auditable by Bob9113 · Score: 5, Interesting

    As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?

    Yes, it really is so different. Open Source provides an additional avenue for security auditing. With closed source software, any auditing body must be authorized to view the source code by the owner of the software. With Open Source, anyone can audit it. That does not mean that anyone has audited it, but being able to do so without having to contact the software distributor and get their permission is a substantial difference.

    If you want highly secure software, you have to verify that one or more trusted third parties have audited the code. You can't skip that step with either kind of software, it's just easier to get it done with Open Source.

  3. Re:Cart before the horse. by udippel · Score: 5, Interesting

    You can't. But that's not the point at all.
    But in one case one could, if only one wanted, check the code quality and apply a patch; in the other case this door is totally shut. The first alternative is light-years ahead of the second, irrespective of the field. Because it leaves you the freedom of choice. Be it contributing to retirement benefits or investing your money at your own discretion, the decision to smoke certain substances or not, choice always has a connotation of freedom. The same choice that one has to buy this operating system or that one.
    Once you decide for closed source, you are
    1. totally dependent on the manufacturer
    2. without a chance to check yourself
    3. unable to analyze if the manufacturer has inserted some malicious code like a trapdoor, eventually on purpose
    Now, where would be any advantage in using a system of closed source?