Is open soure more secure?

Summary:Right now open source security is symmetrical. Closed source security is asymmetrical. Who will win?

Ross AndersonThe question of whether open source is inherently better than closed source was addressed directly last week in England.

Yes, said Jim Coplien, whose latest book is Organizational Patterns of Agile Software Development. Open systems are an organic form of development. He compared open source development to cells in the body, each doing its own thing, but organized around a core group of developers.

No, said Bjarne Stoustrup, creator of C++. Some open source code is garbage, but some proprietary code, like that inside the Mars Rover (still working afte 15 months) must be staggeringly beautiful.

Ross Anderson of Cambridge (above) said security could be the test. This is where he has been concentrating his research lately.

Right now open source security is symmetrical. The good guys can all patch their code, but the bad guys have access to the same code. Closed source security is asymmetrical, which in theory should make it safer, assuming the good guys know more than the bad guys. But there are forces at work against closed source programmers knowing more, among them business pressures, marketing mischief, and PR.

Who will win? Anderson is still working on that through his studies of economics and security.  And you're working on it every day.

Whether your software source is closed or open, I'd like to know, what has been your security experience? Do you feel confident in your systems, or are you worried, and why? Let us know in TalkBack.

Topics: Open Source


Dana Blankenhorn has been a business journalist since 1978, and has covered technology since 1982. He launched the Interactive Age Daily, the first daily coverage of the Internet to launch with a magazine, in September 1994.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.