Fact versus Fiction: Is Open Source software less secure?


Open Source software has come a long way from being the underdog in a market dominated by proprietary platforms. With an ever-growing number of organisations coming to recognise the value open source provides, it’s not just gaining momentum as a serious competitor to proprietary software – in many respects it’s eclipsing it. The US government is putting its weight behind open source software and its own open source projects like Data.gov and Digital Government. Last year, Apple released its Swift programming language into the public domain. Even Microsoft – historically one of the most vocally anti-open source companies – seems to have done a 180° turn on its stance towards it.

But, while open source software may be winning over the hearts and minds of major players in the IT world, there’s still a lot of disagreement as to how it measures up to proprietary software. Often, this comes down to the question of security in open source software. In this blog, we’ll try to separate fact from fiction.

The argument for and against open source security

Some of the benefits of open source software can’t be contested: lower cost of procurement, no licensing fees, no vendor lock-in, easier integration with other software and more potential for customisation. Concerns about security, however, are often based on a misunderstanding of the way open source software actually works. “Many people view open source software as something that can be changed or edited by anybody, much like a Wikipedia entry,” says Asavin Wattanajantra in an article for SC Magazine. “That generally isn’t the case, however, as open source communities usually have mechanisms in place to prevent such random tinkering – for example, submitting new code to a peer review before it is entered into a particular project.”

Many hands make light work, or too many cooks spoil the broth?

Open source software projects typically involve a massive pool of developers, often from all around the world. Naysayers often claim that this is a shortcoming of open source software – if anyone has access to the source code, the reasoning goes, anyone so inclined can edit it for nefarious ends.

Additionally, there is a widespread assumption that open source code is written by amateur developers, and that as a result, open source code is ‘bad’. However, this is rarely the case. Don Smith, Director of Technology at Dell Secureworks, explains: “The vast majority of FOSS is written by software professionals, very often employed by a company that is making money from that same software, either through subscriptions, support or professional services. It is obviously in the interest of these businesses to ensure their software works well and their coding is of high quality.” The opposite end of the argument is that the large number of developers working on an open source project makes it more secure, by virtue of the number of people checking the code. Ultimately, the distinction comes down to opinion and perspective.

So, is open source more or less secure than proprietary software?

While there are undoubtedly differences between proprietary and open source software, describing one as ‘more secure’ than the other is problematic. Some proprietary software has massive security flaws, and some open source software provides better security than its proprietary counterparts. In the words of Dr Ian Levy, “On average, good open source is about as good as good proprietary, and [bad] about as bad as bad proprietary.” Describing software as ‘secure’ is difficult for many reasons – organisations should instead think about the security features they need, and then evaluate whether or not the software in question is capable of delivering them.

So what does that leave us with? Simply, some software is ‘good’ while other software is ‘bad’. Whether the software in question is open source or proprietary becomes incidental – the only question that really matters is whether or not it will serve the best interests of your organisation.

IRIS has over a decade’s experience in the Southern African telecoms and ISP markets. To find out more about our lightweight yet uniquely scalable Network Monitoring Software, download our free Network Manager’s Guide to a Stable and Highly Available Network.

Image credit: www.noobslab.com

March 2nd, 2016 | Categories: Network Management System, Network Security

About the Author:

Over 15+ years in the network engineering and design field, I have gained key insights into what it takes to make large-scale enterprise networks tick. Years spent with top players in the Internet Service Provider (ISP) industry have exposed me to the myriad technologies and intricacies involved in large-scale network administration. Maximising Enterprise and ISP efficiency, and designing software that facilitates this goal, presents great challenges in the context of ever-expanding global networks. At IRIS Network Solutions we are a team of ISP and Enterprise monitoring and management specialists who identified a need for a more comprehensive, proactive and low-touch NMS. We developed IRIS with the key concerns of IT Executives responsible for large enterprises and ISPs in mind.