How do you respond to the argument that
open-source systems are by their nature insecure because their
source code is exposed?

If you have a weak system, it can be compromised without
knowledge of the source code. If you look at the history of
security flaws, most of them are found without any knowledge of the
source code. The idea of putting your head in the sand and
pretending that your system is secure when it isn't has been
demonstrated to be utterly ridiculous. It's what's known as
"security by obscurity," and it has serious defects.
[Every time you raise the bar with technology, the attackers can
raise the bar with anti-technology, or even technology itself.] The
open-source movement is not inherently guaranteed to come up with
secure software unless there is significant discipline in the
development, distribution, operation and administration of the
resulting systems. So it's important to realize that we have a lot
of weak links, all of which have to be addressed. The idea that
hiding the source code is going to solve the problem is utterly