Is Open Source Too Open for its Own Good?

"As it happens, when I met Ts'o last month, we talked about precisely this issue of trust. Prefacing his comments with the standard "I'm not speaking for Google" that all Googlers seem programmed to utter before casual conversation, Ts'o reflected on the recent computer break-in at Google, and the fact that some suggested it had been down to backdoors in code.

"Whether or not that was the case, he pointed out that there was a growing danger that open source might become a tempting vector for such attacks as it gradually becomes more widely deployed, especially among governments and global enterprises. The fact that anyone, anywhere, could, in theory, provide patches, makes this more problematic.

"Hitherto, there has been an unspoken faith that people submitting patches can be trusted because they are generally known, and have a track record, just as Ts'o did back in the early days of Linux. But as the number of patches increases, and they come from more and more contributors about whom less and less is known, so the risk that they contain undeclared extra features that third parties might find useful at some later date also increases."

Complete Story

Related Stories:

• 32% of computers with AV protection are infected(Feb 11, 2010)
• Can you trust Chinese computer equipment?(Feb 05, 2010)
• Hacking for Fun and Profit in China’s Underworl(Feb 04, 2010)
• U.S. enables Chinese hacking of Google(Jan 25, 2010)
• Russia, Brazil Lead Cyber Attack Barrage(Jan 20, 2010)
• Google Threatens to Close China Operations(Jan 13, 2010)