Linux Today: Linux News On Internet Time.

More on LinuxToday

Network Magazine: Open Source Software: Is it Really Secure?

Sep 05, 2002, 22:00 (6 Talkback[s])
(Other stories by Rik Farrow)

" People often ask me if they should trust Open Source Software (OSS). This question predates the emergence of Linux and the various Berkeley Software Distribution (BSD) OSs, as popular security software for Unix systems, such as COPS (www.fish.com/cops/) and Tripwire (www.tripwire.com), began showing up in the early 1990s. Organizations accustomed to paying big bucks for any software they planned to use were understandably cautious about free software that didn't come from well-known vendors.

"And recent events have added a scary twist to OSS. Several sites, one with a program designed for stress-testing Intrusion Detection Systems (IDSs), had backdoors added to installation scripts, so that anyone who installed the software risked having his or her system compromised. The perpetrators had disguised the backdoors, so they appeared to be part of a normal configuration process.

"OSS has proved to be as secure as, if not more secure than, proprietary software from big software vendors. You can take steps to assure that the software you've downloaded hasn't been tampered with, simply by verifying the digital signature that many distributors include at their download sites..."

Complete Story

Related Stories: