Reliabilities compared
Open-source versus proprietary software: Is one more reliable and secure than the other?
Popular open source software can meet, and exceed, the security and reliability of its closed source counterparts.
Many security claims made against Open Source Software by proprietary software vendors are not based on facts, but are rather an attempt to dissuade their customer base from switching to an open source alternative. That is the conclusion of Dr. Alan Boulanger, member of IBM's Global Security Analysis Lab, who studied the subject of security and reliability of Free/Open Source Software.
The results will be presented at the Holland Open Software Conference and published in the IBM Systems Journal. The upcoming issue of this world-leading scientific technology magazine is on Open Source Systems.
Boulanger studied all test results that came from independent organizations. He concludes that the fierce debate on the lack of security of OSS is fueled by business interests rather than facts. Vendors of proprietary software are trying to protect revenue streams, still trying to lock in customers to a particular technology to ensure future business.
Empirical evidence shows that most software systems are not secure. In fact, any system that has not been originally designed to be secure will invariably not be. In that respect there is little difference between the security of OSS and proprietary systems. Proprietary software vendors have argued that protecting the source code will enhance security by preventing hackers from discovering vulnerabilities. This assertion, however, is not supported by available vulnerability data. On the contrary, several studies have concluded that source code availability helps mitigate security defects.
So there is no evidence that proprietary software is inherently more secure. If an OSS project reaches a critical mass, the sharing of knowledge within that community often yields higher quality software at lower cost. Independent studies of the code quality of popular OSS systems report that OSS-developed systems are at least comparable to their proprietary counterparts.
OSS-developed systems could benefit from Common Criteria Certification. Due to the high costs associated with obtaining certification, to date, only a small number of OSS systems have been sponsored and thus able to obtain this certification. As more OSS packages obtain certification, the business community may become more open to adopting OSS technology.
----- This information is free for publication. However, the IBM Systems Journal and the Holland Open Software Conference should be mentioned as the source for this information. For more information, turn to Jo Lahaye, +31 6 53292887.
