ZDNet: Which Is More Secure? -- Open Source Vs. Proprietary
Jul 17, 2001, 01:00
(Other stories by Jeremy Allison, Steven Lipner, Gary McGraw)
Jeremy Allison of the Samba team is one half of a point/counterpoint exchange on whether open source or proprietary software is more secure. One of Allison's opponents is the manager of Microsoft's Security Response Center:
Jeremy Allison writes:
"Is open source software more secure than proprietary software? In a word, "yes." However, will using open source software solve your security needs? The answer is a resounding "no." Many people believe security is a functionality of software. But network security is a process, not a checklist on the side of a software box."
and his opponents offer:
"Commercial software tends to be more secure than open source software, for simple economic reasons. Simply put, you get what you pay for. Commercial development organizations have a powerful motivation to get security right: Their livelihoods depend on it. That's why commercial software firms use advanced tools and follow processes that leverage knowledge of known security flaws to drive "lessons learned" into new code. Commercial software firms not only employ people who are dedicated and passionate about security, they also pay them to do the hard, tedious work - including testing - that's not especially interesting to most open source volunteers."