Is open source more secure?

Right now open source security is symmetrical. Closed source security is asymmetrical. Who will win?
Written by Dana Blankenhorn

Ross Anderson

The question of whether open source is inherently better than closed source was addressed directly last week in England.

Yes, said Jim Coplien, whose latest book is Organizational Patterns of Agile Software Development. Open systems are an organic form of development. He compared open source development to cells in the body, each doing its own thing, but organized around a core group of developers.

No, said Bjarne Stroustrup, creator of C++. Some open source code is garbage, but some proprietary code, like that inside the Mars Rover (still working after 15 months), must be staggeringly beautiful.

Ross Anderson of Cambridge (above) said security could be the test. This is where he has been concentrating his research lately.

Right now open source security is symmetrical. The good guys can all patch their code, but the bad guys have access to the same code. Closed source security is asymmetrical, which in theory should make it safer, assuming the good guys know more than the bad guys. But there are forces at work against closed source programmers knowing more, among them business pressures, marketing mischief, and PR.

Who will win? Anderson is still working on that through his studies of economics and security. And you're working on it every day.

Whether your software source is closed or open, I'd like to know, what has been your security experience? Do you feel confident in your systems, or are you worried, and why? Let us know in TalkBack.
