I just read a post by the web's most prolific Windows-zealot, Paul Thurrott, about how closed-source is definitely more secure than open-source. He links to an eWeek article which concludes by saying "Open source doesn't make code secure, nor does closing source make it insecure," yet he takes that as an opportunity to laud closed-source software for its security and bag out open-source software for its insecurity.
The fact is that both open- and closed-source software can have security holes and problems. Take Microsoft, for example. Windows is closed-source, yet has had many, many, many, many … holes and security problems over the years. Whether this was because of shoddy programming, poor code reviews/audits, or whatever, security was poor. Granted, they are focusing on it more now, which is good to see. On the other hand, Sun's Solaris is purportedly rock-solid, with very few security holes. Much of it is closed-source, which gives merit to the argument that closed-source software is secure.
On the other hand, open-source software has the opportunity to be just as secure as Solaris, for example, but also to be extremely insecure and riddled with holes and bugs. The author of the eWeek article mentions that a hole was recently found in OpenSSL, which had been there for years. Now, the whole point of open-source is that the source is out there for everyone to see, so that if a problem is found, it can be patched and an updated version released quickly, so that problems do not occur. Whether this occurs depends on the developers and how perceptive/experienced/dedicated they are.
The truth of the matter is, I don't think closed- or open-source software in general is any more secure than the other, as it ultimately depends on who is doing the programming and what kind of audits there are on that code.







