DevX: Debating Open Source As a Secure Methodology | Linux Today

DevX: Debating Open Source As a Secure Methodology

Written By
Web Webster
Web Webster
Feb 14, 2004

Open Source Is Fertile Ground for Foul Play

[ Thanks to Jason
Greenwood
for this link. ]

“An old adage that governments would be well-served to heed is:
You get what you pay for. When you rely on free or low-cost
products, you often get the shaft, and that, in my opinion, is
exactly what governments are on track to get. Perhaps not today,
nor even tomorrow, and not because open source products are less
capable or less efficient than commercial products, but because
sooner or later, governments that rely on free open source software
will put their country’s and their citizens’ data in harm’s way.
Eventually—and inevitably—an open source product will
be found to contain a security breach—not one discovered by
hackers, security personnel, or a CS student or professor. Instead,
the security breach will be placed into the open source software
from inside, by someone working on the project.

“This will happen because the open source model, which lets
anyone modify source code and sell or distribute the results,
virtually guarantees that someone, somewhere, will insert malicious
code into the source. Malevolent code can enter open source
software at several levels. First, and least worrisome, is that the
core project code could be compromised by inclusion of source
contributed as a fix or extension. As the core Linux code is
carefully scrutinized, that’s not terribly likely. Much more likely
is that distributions will be created and advertised for free, or
created with the express purpose of marketing them to governments
at cut-rate pricing. As anyone can create and market a
distribution, it’s not far-fetched to imagine a version subsidized
and supported by organizations that may not have U.S. or other
government interests at heart…”

Complete
Story

Who’s Guarding the Guards? We Are

“The editorial published on February 11, ‘Open Source Is Fertile
Ground for Foul Play,’ suggests three areas where security might be
a concern for governments when considering open source software.
However, all three arguments are flawed ‘straw men’ when subjected
to rational analysis. Indeed, some of the author’s own arguments
demonstrate the strengths of open source when weighed against any
closed source alternative.

“First, the author, DevX Executive Editor A. Russell Jones,
suggests that security breaches could be inserted into open source
software by an insider, perhaps hidden in code submitted as a fix
or an extension. While there is a remote possibility of this
occurring (this is conceded as ‘not terribly likely’ even by the
author), there is a far greater possibility of this occurring when
patching closed source software…”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.