PC Week: Experts debate merits of open source for security
Mar 24, 2000, 23:49
(Other stories by Scott Berinato)
"The security debate pits two theories against one another -- 'many eyes' vs. 'security by obscurity.' Open-source projects such as Linux follow the many eyes principle, which states that the more developers working on code and the fewer secrets, the harder it is to compromise the software because more people will detect issues and fix them."
"I tend to lean toward the open-source model for a couple of reasons," said Kelly Fulks, systems administrator at Huntsville Hospital, in Huntsville, Ala. "You have more people looking at the code, and if something goes wrong, we totally control the fix. It's lower cost, and it's always better to invest in people talent instead of paying for software." The hospital uses Sendmail...."
"Proprietary-source advocates argue for hiding the code as a deterrent to breaking the code, just as burglars avoid houses with locked doors. That's the security by obscurity theory. If open source empowers software builders, it equally empowers attackers. With freely available blueprints, hackers can get clever at building malicious code to attack systems."