Why Is Open Source Less Secure?

Recently phpBB got hacked. Then I read the Slashdot post "How To Argue That Open Source Software Is Secure?".

Would a bank not have a safe with secret access codes just because it has installed the latest high-tech surveillance system?

What I am trying to say is this: if a closed source software company argues, “Hey, our software is likely to be more secure than open source code because we don’t give out the implementation details”, then, all things being equal, that is a very compelling competitive advantage as far as security is concerned. Of course, “all things being equal” is not true. For example, the time to respond to a security bug in commercial software might be longer than in open source code, because many more eyes can look at the code and fix the issue in an open source project. But do note that the eyes that can look at the code and identify potential loopholes are also plentiful.

So, I think it’s important for each side of the aisle to realize that their philosophies offer different comfort levels to their customers, rather than each one expecting the other side not to consider that their philosophy has any weakness.
