January 9, 2008 7:00 AM PST

Open source security: Security in process, not code

Posted by Matt Asay

Yesterday's "big" news was that some major open-source projects have security holes. At least, that's the news that the media reported. Undoubtedly, Microsoft and others will use these results in their competitive documents to suggest that open source is less secure than its proprietary brethren.

This, of course, would be the exact inverse of the lesson to take from the report.

The big news is that we even know. With a proprietary product, no one knows there are gaping security holes...until someone exploits them. Open source makes no attempts to obfuscate its strengths (and weaknesses), letting both the bad guys and the good guys discover the problems, with the latter fixing them more quickly (on average - it depends on the project) than proprietary vendors.

Indeed, of its results Coverity noted:

To know the number of security exposures found within a popular piece of software is unusual, said [Coverity]. Open source projects are different from commercial products in that commercial companies rarely acknowledge security defects in their code or whether they have been dealt with. "Our commercial customers wouldn't like it too much if we aired the number of defects found in their code," said [Coverity], when asked about the results from scans on 400 product lines of the firm's private customers.

Now, never mind this silly distinction between "commercial" and "open source" in the quote. Open source is every bit as commercial as proprietary software.

No, the lesson to take is that customers benefit from an open security process, not a clandestine process that helps no one. We should be grateful when we read that our software has problems. At least we know. That, of course, is the necessary precondition to fixing those problems.

Matt Asay is general manager of the Americas and vice president of business development at Alfresco, and has nearly a decade of operational experience with commercial open source and regularly speaks and publishes on open-source business strategy. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.