Open source community retaliates

Microsoft's record brought up... OS supporters not impressed at security comments

The open-source community has reacted with anger to last week's claims from Microsoft representatives that open source software was too insecure for it to take seriously.

British Linux developer Jason Clifford has led the backlash against Microsoft's claims, viewing them as a cynical marketing ploy. "At the end of the day Microsoft is in the business of selling a product," he says. "Everyone is entitled to do that, but perhaps it would be better to do it on the merits of that product rather than trying to put something else down."

Microsoft group product manager Aubrey Edwards last week suggested the security of a bank is comparable to that of an operating system and claimed that no bank would make its security architecture common knowledge.

But Clifford is keen to point out that open source is a tried, tested and trusted security architecture for Web developers world-wide. He adds, "If open source was so insecure, 55% of Web servers wouldn't be running Apache, and would the servers that run other software be cracked so often? Open source software is vital to the Internet; it wouldn't be there if it wasn't for open source."

Clifford also criticises Microsoft for implying that hiding a system's security architecture makes it inherently more effective, arguing that when software is closed, nobody knows something is wrong. "Security is knowing that me or the author of the code can fix something."

Other open-source enthusiasts have hit out at Edwards' bank security analogy. Linux enthusiast Nathan Myers, for example, says, "Security experts the world over are openly derisive of what they call 'security by obscurity', because it has failed everywhere people have relied on it. For MS Marketing to promote a 'security by obscurity' policy even now, after all its well-publicised failures, must be seen as a move of desperation. It will only persuade the ignorant."

Microsoft was unavailable for comment by press time, despite several repeated requests.
