Tuesday, February 3, 2009

The smallest threat to open source in 2009

How much of a problem is security updating for open source software going to be in 2009?

On Jan. 1, Dana Blankenhorn published the sensationally titled The biggest threat to open source in 2009.

His thesis is simple: that, because open source software usually lacks any mechanisms for easily updating to the latest security patched version, the growing popularity of open source software will render it more vulnerable to problems than its closed source counterparts.

As a lead-in to his main point, he said:

There is no longer any doubt that hackers and malware writers are going after open source projects as they once went after Windows. Vulnerabilities are being found, discovered, created, exchanged.

There seems to be a common malady amongst opinionated tech writers--that of never quite getting it when it comes to the fundamental principles of security. A particular favorite for being ignored is that of security through obscurity.

Many many moons ago, I wrote what I think is a decent treatment of the subject as it applies to open source software, Security through visibility. While it makes a pretty strong case for ignoring the bleatings of "popularity is insecurity" doomsayers, it's really only the first step toward full understanding of all the problems with the assumption that the only thing "secure" about open source software is obscurity.

Read More Article...

No comments: