OpenOffice security is questioned

A report into the security of OpenOffice has caused a stir in the open source community by highlighting six security "issues" around the open source office suite.

OpenOffice has said only one actual bug was discovered, which has been fixed already. But the research, by the French Ministry of Defence, also points out that many security flaws have already been discovered in Microsoft Office applications, claiming that these are "easily transportable to OpenOffice".

According to the report, titled "In-depth analysis of the viral threats with OpenOffice.org documents", this means that the "general security of OpenOffice is insufficient", Infoworld reported.

The report goes on to counter claims from the open source community that OpenOffice is inherently more secure than Microsoft's Office products. "The viral hazard attached to OpenOffice.org is at least as high as that for the Microsoft Office suite, and even higher when considering some... aspects," the researchers wrote.

"This suite is up to now still vulnerable to many potential malware attacks," they added.

The paper was first submitted for publication in April and revised in June. It was accepted in July, when some of the details of the report began to leak out, and then published in the 1 August in the Paris-based Journal of Computer Virology (online: ISSN 1772-9904).

The paper describes four examples of how malicious code can attack OpenOffice and release hazards. The weaknesses are focused around issues such as the use of .zip files, and in particular the use of macros and templates.

Last Tuesday, Microsoft announced it had fixed a number of bugs including one in PowerPoint.