Open Source
A debate has opened in the
software development community over so-called open source operating systems (and other programs), ones for which
the source code is freely released for public analysis. The arguments are
predictable: With open source, many critics can peruse the code, presumably
finding flaws, whereas closed (proprietary) source makes it more difficult for
attackers to find and exploit flaws.
The Linux operating system is
the prime example of open source software, although the source of its
predecessor Unix was also widely available. The open source idea is catching
on: According to a survey by IDG Research, reported in the Washington Post [CHA01], 27 percent of high-end servers now run
Linux, as opposed to 41 percent for a Microsoft operating system, and the open
source Apache web server outruns Microsoft Internet Information Server by 63
percent to 20 percent.
Lawton [LAW02] lists additional benefits of open source:
Cost: Because the source code
is available to the public, if the owner charges a high fee, the public will
trade the software unofficially.
Quality: The code can be
analyzed by many reviewers who are unrelated to the development effort or the
firm that developed the software.
Support: As the public finds
flaws, it may also be in the best position to propose the fixes for those
flaws.
Extensibility: The public can
readily figure out how to extend code to meet new needs and can share those
extensions with other users.
Opponents of public release
argue that giving the attacker knowledge of the design and implementation of a
piece of code allows a search for shortcomings and provides a blueprint for
their exploitation. Many commercial vendors have opposed open source for years,
and Microsoft is currently being quite vocal in its opposition. Craig Mundie,
senior vice president of Microsoft, says open source software "puts at
risk the continued vitality of the independent software sector" [CHA01]. Microsoft favors a scheme under which it
would share source code of some of its products with selected partners, while
still retaining intellectual property rights. The Alexis de Tocqueville
Institution argues that "terrorists trying to hack or disrupt U.S.
computer networks might find it easier if the Federal government attempts to
switch to 'open source' as some groups propose," citing threats against
air traffic control or surveillance systems [BRO02].
But noted computer security
researchers argue that open or closed source is not the real issue to examine.
Marcus Ranum, president of Network Flight Recorder, has said, "I don't
think making [software] open source contributes to making it better at all.
What makes good software is single-minded focus." Eugene Spafford of
Purdue University [LAW02] agrees,
saying, "What really determines whether it is trustable is quality and
care. Was it designed well? Was it built using proper tools? Did the people who
built it use discipline and not add a lot of features?" Ross Anderson of
Cambridge University [AND02] argues that
"there are more pressing security problems for the open source community.
The interaction between security and openness is entangled with attempts to use
security mechanisms for commercial advantage, to entrench monopolies, to
control copyright, and above all to control interoperability."
Anderson presents a
statistical model of reliability that shows that after open or closed testing,
the two approaches are equivalent in expected failure rate [AND05]. Boulanger [BOU05]
comes to a similar conclusion.