How Secure Are Open Source Applications?

Having an open source project become popular can be one of the greatest achievements that a programmer can have.

Most applications that a programmer works on will only be seen by a small number of people, even if they are released commercially; very few applications become popular.

Open Source Applications

But, in the world of open source, it doesn’t matter as much.

The startup cost for a programmer developing their own application is almost nil, and the application is not built to make them famous.

It is a tool that the programmer wants to share with other people.

Releasing the code also allows the programmer to get help from his peers.

This help from his peers can lead to a lot of holes being fixed, including security holes.

No matter how much experience you have in creating applications, you will always leave security holes open; the goal is to have as few as possible.

Having other talented programmers help you go over your code will help you cut down on the security bugs significantly, especially if they are well versed in finding security problems.

When you have a commercial application that is closed source, this is not possible; others cannot see the code since it is in a black box.

At best, they can use a disassembler and see the code in bytecode or assembly format, which is the same method that hackers use when they are trying to subvert the code for their own purposes.

So, while you may be stopping black hat hackers momentarily from getting to see the code for your application, you are also stopping people that would help you secure the code.

Black hat hackers have a financial motivation to try to break your code; white hat hackers do not.

So white hat hackers will not go over it and see if there is a problem.

As you see, this is a big advantage for open source projects.

Open Source Projects Are Not Completely Rosy

On the flip side, there is a problem with open source projects as well.

It is great that once a project becomes popular you have a lot of eyes to help review the code, but what happens if the project doesn’t become popular?

What if no one uses the code?

Then that means there will be no extra eyes on the project.

Also, it means no security advantage.

The original developer might grow bored with the project and abandon it.

This means that no one will be there to fix any bugs that may lie in the software.

This is a huge concern, especially for a business.

It might sound weird, but a business cares less about the cost of a product and more about the reliability of the product.

It doesn’t matter if the product is free if it does not prove to be secure at the end of the day.

So is an open source project more secure than a closed source project?

The answer is that it depends.

But if the project is a popular one, then you can rest assured that the software will be as secure as, or more secure than, the commercial alternative.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
