Open source software will have to lift its security game if it is to match that of proprietary software, particularly if its use proliferates, according to representatives from global information security companies. Asia Pacific vice president of security giant Symantec, Vincent Steckler, said open source is "not the silver bullet". "The reason viruses are written for Microsoft is because most people use it," Steckler said. "If 90 percent [of software] was open source there would be just as many attacks, only worse. Imagine smart hackers with [access to] source code." . . .
Open source software will have to lift its security game if it is to match that of proprietary software, particularly if its use proliferates, according to representatives from global information security companies.Asia Pacific vice president of security giant Symantec, Vincent Steckler, said open source is "not the silver bullet". "The reason viruses are written for Microsoft is because most people use it," Steckler said. "If 90 percent [of software] was open source there would be just as many attacks, only worse. Imagine smart hackers with [access to] source code." Speaking at IDC's SecurityVision 2004 conference in Sydney, Steckler compared the motives of operating system intruders and virus writers to that of the infamous New York bank robber Willy Sutton who, when asked why he robbed banks, said, "'Cause that's where all the money is". Steckler said, "Replacing Microsoft with open source won't solve the security problem. "Why would anyone write viruses for OS/2?" SurfControl's technical manager for e-mail products and technology, Richard Cullen, seconded this argument of increased proliferation leading to more security issues. Open source and Linux hasn't seen as many exploits because of market penetration," Cullen said. "There are viruses for Linux but Microsoft is a bigger target." On the topic of source code access, Cullen said: "Recently, some of Microsoft's source code was leaked and an exploit was discovered within days. This happened because the code was open." NSW Fisheries' principal IT services manager Gregory Krasovitsky agreed that market penetration is an important factor when comparing open versus closed source security. "We don't see as many [security] patches for open source because of its market penetration and security companies are writing software for 90 percent of the market," Krasovitsky said. "For example, Debian (Debian GNU/Linux) has left vulnerabilities there and didn't release any patches for them."
Read this full article at cio.com
Powered by AkoComment! |
