- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - It's a topic of fierce debate among high-tech cognoscenti: What's more secure - "open source" code such as Linux and Apache, or proprietary "closed source" operating systems and applications, Microsoft's in particular?
The regularity with which Microsoft has taken to announcing vulnerabilities and consequent software fixes has left few cheering about its security. In contrast, high expectations endure for open source, with proponents arguing that it's inherently more secure because a much larger set of developers can read the code, vet it and correct problems.
"I'm struggling to think of anyone who would argue the other way," says Adam Jollans, chief Linux technologist at IBM Software Group.
Tim Clarke, IT director at Manifest, a maker of electronic voting and research tools for investment firms in England, feels much the same way about open source security. He says open source developers are "more agile and feel more exposed on a personal level to criticism at whatever level that might be aimed at their products."
Thus, open source developers are "more able to respond quickly and to use new and more secure techniques. Because they perform for peers' kudos, this, too, behooves them to perform well," Clarke says.
"Open source development is centered around operating systems designed many years ago with security and Internet connectivity as a base requirement," he adds.
Open source is foremost an "ethos" that "is precisely the best social environment for the best development of anything," Clarke maintains. "By contrast, the principle culprit of poor security, Microsoft, has several major issues with producing secure code."
"Microsoft seems lax to security threats," says Robert Swiercz, managing director of the Portal of Montreal, the city's Web site. "I have less and less ability to trust them." He, too, expresses confidence in the open source community, saying, "this is where the solutions are coming from."
However, some call these assumptions into question and assert there's a lack of accountability in fixing open source. A number of research firms are ready to puncture the belief that open source is by its very nature superior.
In its report, "Securing Open Source Infrastructure ," Burton Group dispels any notion that open source software is inherently more secure simply because more people can look at it.
"Experience shows this simply isn't true," the research firm states, calling it "the myth of more eyes," citing case after case where no one spotted critical flaws in open source code.
Burton Group also points out the potential for developers placing back doors in open source code, and that when it comes time for the open source community to fix the inevitable vulnerabilities, businesses using it might come to rely on the "whim of individuals rather than organizations they are more accustomed to dealing with," Burton Group notes. The firm adds that dealing with traditional vendors isn't necessarily any better.