Network Magazine: Open Source Software: Is it Really Secure?

" People often ask me if they should trust Open Source Software (OSS). This question predates the emergence of Linux and the various Berkeley Software Distribution (BSD) OSs, as popular security software for Unix systems, such as COPS (www.fish.com/cops/) and Tripwire (www.tripwire.com), began showing up in the early 1990s. Organizations accustomed to paying big bucks for any software they planned to use were understandably cautious about free software that didn't come from well-known vendors.

"And recent events have added a scary twist to OSS. Several sites, one with a program designed for stress-testing Intrusion Detection Systems (IDSs), had backdoors added to installation scripts, so that anyone who installed the software risked having his or her system compromised. The perpetrators had disguised the backdoors, so they appeared to be part of a normal configuration process.

"OSS has proved to be as secure as, if not more secure than, proprietary software from big software vendors. You can take steps to assure that the software you've downloaded hasn't been tampered with, simply by verifying the digital signature that many distributors include at their download sites..."

Complete Story

Related Stories:

• ZDNet: Secure Linux OS Seeks Global Dominance(Aug 19, 2002)
• ZDNet UK: ISIS to Provide 'Open Source' Security Information(Aug 06, 2002)
• Sydney Morning Herald: Open Sesame, for Tight Security(Aug 06, 2002)
• Help Net Security: Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore(Jul 09, 2002)