Security from A to Z: Open source

Experts have issued warnings of complacency over security in open-source projects. Part of a series on hot security topics.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Whether open-source software and closed-source software differ in terms of security will always be debated. But what's clear is that vulnerabilities are found and exploited in both.

Speaking at London's LinuxWorld conference in October, Alan Cox, a respected figure in the U.K. open-source community, warned about complacency over the security of open-source projects.

Microsoft, leader of the closed-source world, makes more headlines than any other software maker when it comes to security. But that's because the company's products are used by nearly all PC users, not because Microsoft software has more vulnerabilities.

More attention is being paid to the security of open-source software. The U.S. Department of Homeland Security even awarded a $1.24 million grant to Stanford University, Coverity and Symantec to hunt for security bugs in popular open-source programs.

Developers have been quick to fix many bugs found as part of the U.S. government-sponsored program. More than 900 flaws were repaired in the two weeks after Coverity announced the results of its first scan of 32 open-source projects, which include the Linux operating system, Apache Web server, MySQL database and Firefox Web browser.