SecurityFocus.com: Welcome to the new FOCUS on Linux

“I’m glad to see the new Linux area at SecurityFocus! With
the rapidly increasing acceptance of Linux in the enterprise, sites
like this are essential. But the most important part of coverage
by SecurityFocus is the fact that they will also continue to cover
Microsoft Windows. That will let readers compare the security of
Linux and Windows in real life, over time. Time and
the coverage by SecurityFocus will tell us if our theories about
Open Source and security are true. Let’s talk about some of those

“Security experts say that an Open Source system should be more
secure than a closed-source one like Windows. The reason is that
closed-source software allows computer criminals to probe its
security flaws while it discourages the “white hat” programmers who
would find and fix security problems. An ethical programmer might
read the source code for Linux out of curiosity, to solve a
problem, or to routinely patrol for security problems. Many people
read Linux this way every day, and this process has come to be
known as “The Many-Eyes Effect”. With so many people scrutinizing
the Linux code, problems are likely to be found before they happen.
Even if a problem slips by, there are a lot of people who, by
virtue of having read large parts of the source code, are qualified
to fix Linux security problems. The result to date has been that a
recent study published here says that problems pointed out in
security advisories about Linux are repaired in approximately half
the time needed for Microsoft to close equivalent problems in

“The expanding user community and coverage by sites like
SecurityFocus will allow us to keep track of Linux security over
time, and compare it with Microsoft Windows and other systems.
Linux developers like me will be working hard to provide a more
secure operating system – for us it’s not just a job but also a
matter of pride.”