Open Source getting bad reputation on security says vendor

Open Source getting bad reputation on security says vendor.(IMG:J.Anderson)

Ounce Labs, makers of Ounce 6 code analyzer for vulnerability scanning, say that recent criticisms surrounding the security of Open Source Software are off-base and, in some cases, counterproductive to security itself.

“Most of the security arguments against open source software are misleading. There is a myth out there that because the bad guys can see the source code, there is more security vulnerability,” said Ounce Labs founder and CTO Jack Danahy. “The relative security of software – whether it’s open source, commercial or home-grown – is much more dependent on whether security was a top priority during the development cycle, or just an afterthought.”

“Some in the industry will have you believe that there are inherent security problems in the development methodology of open source software that expose users to greater risk of security breaches. In our experience with customers, and in our work supporting the open source community, we have found strikingly little difference in the overall security of open source programs and those developed in a more proprietary manner.”

When people think 'Open Source', they instantly think free software and Linux. Linux, which is a Kernel not an operating system, is Open Source, but Linux is only as good as the developers that make it. When Linux is packaged with other software, creating one of the numerous operating system distributions, unless the added software is coded securely, it can be just as open to exploitation as those packaged on Windows.

This is seen in daily mailing list notices and package updates. Just this week alone, there were security patches released for Apache, Real VNC, BIND, Open Office, KMail, and Firefox, all Open Source projects (week of 03/09/09).

As Danahy said, if security is implemented from the start, then applications are developed securely and most of the common flaws are caught and fixed early. Peer review is largely responsible for this, not -- no offense to Mr. Danahy or Ounce Labs -- static code scanning.

Since everyone can see the code, security problems are located and easily fixed. The problem is there are countless Open Source projects, but very few developers or dedicated security researchers who have the time to go over code and test things. The lack of peer review in this case is why there is always going to be an application with a security issue.

Open Source applications have and always will take a beating when commercial vendors, that use closed source code, have to compete with it. Fear is a strong selling point, so is pain. Scare them with the fear of security issues, and the pain of already being exposed because of them. If the company making the pitch against Open Source knows the prospect has faced security issues, then the level of fear and pain used only increases.

This tactic can go both ways as well.

“The bottom line is this,” continued Danahy, “there is an endless supply of both secure and vulnerable software across the commercial, open source and proprietary domains. The assessment of the scope, severity, and situational impact of those vulnerabilities should be a core process in any software acquisition, regardless of the source.”

True, there is also the consideration of business practicality. Sometimes, Open Source just isn’t what a company needs for one reason or another, but that should never stop that company from seeking alternatives and investigating Open Source options.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.