“Debate over the security of open-source software is sure to
intensify, if companies start replacing Unix and Microsoft products
with Linux and its freeware cousins. That hasn’t happened yet.
Sales of new Linux operating-system licenses declined 5 percent
from 2000 to 2001. But revenue from the sale of Linux systems is
projected to grow from $80 million last year to $280 million in
2006, says IDC Research. If open-source software grows in
popularity, it will surely be the target of more hackers.

“The way Aberdeen sees it, open-source software has a
disadvantage in security because no single organization is
responsible for releasing patches, Aberdeen analyst Eric
Hemmendinger said. While Linux has a passionate development
community ready to tackle problems quickly, most other freeware has
fewer guardians. Therefore, IT organizations need to take these
conditions under consideration in deciding whether or how to use
open-source products. Users who are unprepared to fix
vulnerabilities themselves are not ready to deploy freeware,
Aberdeen asserts.

“CERT believes Aberdeen drew too much from its numbers. The
organization doesn’t draw any conclusions from its advisories on
the vulnerability of open-source software vs. Microsoft or any
other seller of proprietary applications. Instead of comparisons,
the group focuses on identifying and studying security problems it
considers most serious based on CERT’s own metrics. That covers
about 20 percent of all known vulnerabilities, said Shawn Hernan,
senior member of the CERT technical staff…”
Related Story:
NewsFactor: Is Linux Really More Secure Than Windows? (Oct 12, 2002)