Friday, June 27, 2008

Is open source software insecure? An introduction to the issues

This briefing note is intended to answer questions that those new to open source software may have about its security. By definition, open source software is software for which the source code is available to anyone. Source code can be thought of as a kind of blueprint for the software, a form that is ideal for understanding how a program works or for modifying its design. A program's source code is in many cases processed by another program called a 'compiler' to create the actual file that runs on an end-user's computer. This file is called the object code (or executable), and it is this that an end-user receives when buying traditional proprietary, closed-source software such as Microsoft Word. In comparison to its source code, the object code of a program is very difficult for a human being to comprehend or modify. Thus, open source software can be said to invite and facilitate modification, while closed source software tends not to. These technical characteristics are also generally carried through into the accompanying licences: open source licences permit modification and redistribution by the user, while closed source end user licence agreements tend to contractually bind the user to refrain from modifying or redistributing the software that they cover.

In this document, the first section aims to identify the chief ways in which software can be insecure, the second section discusses general approaches to mitigating software insecurity, and the final section compares closed and open source development methodologies in the light of the information from the preceding sections.
