“The security debate pits two theories against one another —
“many eyes” vs. “security by obscurity.” Open-source projects such
as Linux follow the many eyes principle, which states that the more
developers working on code and the fewer secrets, the harder it is
to compromise the software because more people will detect issues
and fix them.”
“I tend to lean toward the open-source model for a couple of
reasons,” said Kelly Fulks, systems administrator at Huntsville
Hospital, in Huntsville, Ala. “You have more people looking at the
code, and if something goes wrong, we totally control the fix. It’s
lower cost, and it’s always better to invest in people talent
instead of paying for software.” The hospital uses
Sendmail….”
“Proprietary-source advocates argue for hiding the code as a
deterrent to breaking the code, just as burglars avoid houses with
locked doors. That’s the security by obscurity theory. If open
source empowers software builders, it equally empowers attackers.
With freely available blueprints, hackers can get clever at
building malicious code to attack systems.”