posted on Aug, 17 2004 @ 12:28 PM
there's a lot of heated debate on the security merits of closed versus open-source programs. the arguments for closed source are usually:
a) because the source is closed, someone looking to create a new exploit will have a harder time discovering exploitable weaknesses
and for open source:
a) exploitable weaknesses are more easily discovered, but if the development community is reasonably active the exploits get closed pretty quick
in my mind, the biggest problem with relying on closed source programs in a high-security environment is that they're less fixable; for example, if
the software provider releases a patch right away you're not in any trouble, but if they don't respond promptly you may not be able to do much to
fix the problem yourself while you wait for an official patch.
with open source, if it's critical you can just write some kludgy fix into the program, recompile, and then wait for the development community to
write a better fix; the "official" turnaround may turn out to be just as slow as with the closed source program, but at least you have the ability
to make a quick fix.
the biggest open-source security problem, in my book, is that if your operation is building the source locally and then installing it -- as opposed to
just grabbing the precompiled binaries -- any malicious employees / team members could theoretically insert backdoors into the source before it
compiles, which would make what might have been a very secure program into a very secure program with a back door for a couple people; with closed
source you don't have a similar option (though someone could monkey with the settings after installation) but there's no way to know if someone at
the software company put in their own backdoors.
so it's really a mixed bag; for the time being the open-source stuff is typically a lot more secure, at least when you're looking at a
linux/unix/associated software vs. microsoft's offerings, but if microsoft picked up some slack that security gap could get a lot narrower.