Is Open Source Too Open for its Own Good?
Feb 18, 2010, 15:32 (2 Talkback[s])
(Other stories by Glyn Mody)
"As it happens, when I met Ts'o last month, we talked about
precisely this issue of trust. Prefacing his comments with the
standard "I'm not speaking for Google" that all Googlers seem
programmed to utter before casual conversation, Ts'o reflected on
the recent computer break-in at Google, and the fact that some
suggested it had been down to backdoors in code.
"Whether or not that was the case, he pointed out that there was
a growing danger that open source might become a tempting vector
for such attacks as it gradually becomes more widely deployed,
especially among governments and global enterprises. The fact that
anyone, anywhere, could, in theory, provide patches, makes this
"Hitherto, there has been an unspoken faith that people
submitting patches can be trusted because they are generally known,
and have a track record, just as Ts'o did back in the early days of
Linux. But as the number of patches increases, and they come from
more and more contributors about whom less and less is known, so
the risk that they contain undeclared extra features that third
parties might find useful at some later date also increases."