By Sylvia Carr, 15 November 2004 16:30
NEWS Which software model is more secure - open source or proprietary?
In a recent interview with silicon.com, CollabNet founder and CTO Brian Behlendorf weighed in on the debate: "It ends up being a wash," he said, meaning each side has its advantages and disadvantages and neither is clearly more secure.
The fact that open-source code is audited by many eyes is an advantage in finding security holes, but this same practice also makes it easier for individuals to find weaknesses to exploit than in proprietary software, he said.
Behlendorf has worked on both sides of the software world - CollabNet sells software development tools as a service and he was co-founder of the open-source Apache Web Server Project. So his moderate view seems appropriate.
But he does reveal an open-source bias. "My hunch is that most commercial software companies don't put the effort into" security until there's bad PR. "In the open-source community there's a lot more hesitancy to put something out there that could be used unintentionally to create a problem."
In the end, the real difference between the two models, he said, was the seriousness of the bugs: "[Open-source projects such as] Apache, Subversion and Mozilla - they all have their fair share of holes. But if you look at the bug reports you'll notice the severity of the holes in the OS stuff tends to be less [than in commercial software]."
Overall, though, he added, the "state of security" is getting better for both types of software, with bugs becoming less severe across the board.
You can read more about CollabNet and Brian Behlendorf in silicon.com's profile piece, based on a recent interview.
