Security in Open Source Software
Joe Wilcox
What is Open Source?
• Source code is published
• Created via collaboration of developers
• Many different kinds of open source projects
• Over 1 million open source projects
• Some of the biggest names in technology use an open source development model
Open Source Software Myths
• “If the source code is available to the public, doesn’t that make that piece of code less secure?”
• “If the source code is available to the public, doesn’t that make the piece of code more secure because more people are able to look at it?”
• “If anyone can contribute, doesn’t that mean that incompetent developers can create security flaws?”
“…doesn’t that make that piece of code less secure?”
• Open source software is written so that it is secure even though the source is published
• Security is not derived from the secrecy of the source code but from how the code is designed and implemented
• Studies show that open source software has, on average, no more and no fewer vulnerabilities than proprietary software
• Each type of software has its pros and its cons
“…doesn’t that make the piece of code more secure because more people are able to look at it?”
• More eyes on the source code help, if they are competent eyes
• Much open source software is simply published and used, without the users knowing whether experts have ever reviewed it
• The best open source software is open so that academics and experts can test and evaluate it
“If anyone can contribute, doesn’t that mean that incompetent developers can create security flaws?”
• Software developers want their names on legitimate software to maintain their credibility as developers
• Often, not just anyone can contribute; it is more of an organized chaos
• In high-end open source projects, developers must go through a review process before their code is accepted
• Sometimes there are flaws in open source software, but there are just as many flaws in proprietary software
Overall, the major difference between security in open source and proprietary software
• Software inherently has bugs when it is created. When one vulnerability is patched, another one opens; it is an endless dance
• When a bug is reported in open source software, it is often fixed right away, and the patch is out within hours or days
• Proprietary software often has just as many problems as open source, but the patches for those problems can be slow and expensive, or never done at all
• The profit line is always kept in mind