Of security and open source software

July 2013 Cyber Security

Muggie van Staden. “To say open source is less or more secure than anything else would be to miss the point.”
Muggie van Staden. “To say open source is less or more secure than anything else would be to miss the point.”

When it comes to open source software, the topic of security is always hotly debated. It seems that in addition to it being free, open source software is inherently less secure than what is available through its proprietary counterpart. At least that is what the cynics would have you believe.

But just like the Free Fallacy (patent pending), the security one is not any less incorrect. The fact remains that there are security risks associated to all software code. Just like any piece of hardware will eventually fail, so too does any piece of software inherently have a security risk. These risks can either be used for nefarious purposes or are as rudimentary as typos in programming syntax. However, irrespective of the platform used, companies need to mitigate their risk.

More secure, less secure?

To say open source is less or more secure than anything else would be to miss the point. All software has bugs and security issues are everywhere. How the platforms deal with these security issues are what sets them apart.

With proprietary software you have a small pool of developers that have access to the source code. The theory is that this closed system is inherently more secure because you are limiting the amount of people who can see inside the code and identify holes. Yet, as is evident through a well-known organisation that frequently releases patches on Tuesdays, this still does not mean the system is completely secure.

The very nature of open source means that any person has access to its inner workings. Certainly, there are many flavours and customisations to it but that is a result of the greater number of people who are developing solutions for open source software. Security holes become a bit of a numbers game here. Given the amount of open source developers and communities in the world, the chances of them picking up bugs in code are significantly higher than the closed pool of developers with proprietary systems.

Backdoor in

Think about it. If the developer of a proprietary system builds a backdoor in it that leaves an organisation open for attack, who would be able to check it? Only the limited number of developers that have access to that source code can monitor it. And once a hack has been discovered, it is often too late for the company in question as the damage would have already been done.

On the other side of the coin, you have open source developers who constantly monitoring code for malicious backdoors, bugs, or even simple typos in syntax. This community becomes a significant extension to the internal development team of a company and provide support around the clock, 365 days a year.

Greater good

Open source is pushing people to work together to make solutions better. It is one of the ultimate communities of interest. The developers work together for the greater good of the software and share bug fixes freely and quickly with each other. This fast turnaround time can hardly be matched in proprietary developers due to the sheer difference in numbers.

And while everybody loves a good underdog story of one against many, when it comes to security I know I prefer to have the many on my side working together to ensure my system stays as up to date as possible, while reducing the amount of security bugs.

For more information contact Obsidian Systems, +27 (0)11 794 8055, www.obsidian.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Exploiting the global pandemic
Issue 7 2020 , Cyber Security
Cyber criminals targeting remote work to gain access to enterprise networks and critical data reports FortiGuard Labs.

Read more...
Integrated security is key to Huawei Mobile Services
Issue 7 2020 , Cyber Security
To ensure sufficient mobile device security, the technology giant incorporates security into its chip, device and cloud capabilities.

Read more...
Cybersecurity becomes key enabler of sustainable business growth
Issue 7 2020 , Cyber Security
The adoption of rushed digital transformation strategies has left many facing unintended complexities and challenges.

Read more...
Challenges healthcare is facing
Issue 6 2020 , Cyber Security
The healthcare industry has been forever changed by digital transformation, but cybercriminals are targeting the healthcare sector now more than ever.

Read more...
Secure IoT devices and networks
Issue 6 2020, Technews Publishing , Cyber Security
Check Point Software’s IoT Protect solution secures IoT devices and networks against the most advanced cyber-attacks.

Read more...
SentinelOne Protects the AA
Issue 6 2020 , Cyber Security
National provider of 24-hour motorist assistance stays on the road thanks to accelerated, AI-powered threat prevention, detection and response.

Read more...
Protecting database information
Issue 6 2020 , Cyber Security
SearchInform has officially released Database Monitor, a solution for the protection of information stored in databases.

Read more...
Work from home securely
Issue 5 2020 , Cyber Security
First Consulting provides enterprise-level IT security to working-from-home employees at more than 40 South African organisations.

Read more...
Agility, meticulous alignment and testing
Issue 5 2020 , Cyber Security
Data loss can put the nails in the coffin for unprepared businesses. Investing in cyber resilience is key to succeed in the age of digital transformation.

Read more...
Cybersecurity comment: A holistic approach to threat vulnerability
Issue 5 2020 , Cyber Security
Any organisation, whether large or small, public or private, should follow an established framework in order to protect itself against cyber threats.

Read more...