Security from A to Z: Open source

Experts have issued warnings of complacency over security in open-source projects. Part of a series on hot security topics.

Whether open-source software and closed-source software differ in terms of security will always be debated. But what's clear is that vulnerabilities are found and exploited in both.

Speaking at London's LinuxWorld conference in October, Alan Cox, a respected figure in the U.K. open-source community, warned about complacency over the security of open-source projects.

Microsoft, leader of the closed-source world, makes more headlines than any other software maker when it comes to security. But that's because the company's products are used by nearly all PC users, not because Microsoft software has more vulnerabilities.

More attention is being paid to security of open-source software. The U.S. Department of Homeland Security even awarded a $1.24 million grant to Stanford University, Coverity and Symantec to hunt for security bugs in popular open-source programs.

Developers have been quick to fix many bugs found as part of the U.S. government-sponsored program. More than 900 flaws were repaired in the two weeks after Coverity announced the results of its first scan of 32 open-source projects, which include the Linux operating system, Apache Web server, MySQL database and Firefox Web browser.

Featured Video

iPad Pro after one week: Can it replace your laptop?

CNET Senior Editor Andrew Hoyle has been using Apple's gigantic tablet as his main computer for a week. Luke Westaway asks how it stacks up.

by Luke Westaway