Closed Minds on Open Source Security
Posted by Michael Harvey on January 11, 2008 3:55 PM EST
There's a buzz around the internet right now regarding an article recently posted on Information Week titled "Open Source Code Contains Security Holes". If you couldn't tell from the title, this is a piece about the potential bugs in open source applications. If you couldn't guess from the title: I'm not exactly supportive of the author's standpoint.
Software inherently has bugs. It's a fact of life and I am appalled that the article makes no mention of the bug rate found in closed source software for comparison, instead hinting that open source has some fundamental problem. Bugs are found and fixed more quickly in an open source application because of the public scrutiny of the code and the community involvement in the fixing of any potential bugs.
For example: when a bug is found in software from your average Redmond-based software behemoth, nothing really happens until enough users report errors, at which point a "critical update" will be issued. One of the great aspects to open source code is that there is a community of developers keeping an eye out for any potential problems which they are keen to resolve as soon as they are discovered.
To read a recap on this topic, head over to the Enterprise Open Source blog.
I discussed this with our CTO, Tom Manos. Tom brought up the recent, and equally inaccurate, release from McAfee warning investors about the dangers of "ambiguous" open source licenses. Tom pointed out that McAfee is obviously not open source, but has similar functionality to many cheaper, or even free, open source alternatives, making its argument entirely self-serving.
I've said it before and I'll say it again. We're on the brink of a time when the towel will be thrown in for fight over open source ‘versus' closed source. The audience isn't looking for one to win over another, they just want cost-effective, feature rich applications that will help them drive their businesses.