Open-source versus proprietary software: Is one more reliable and secure than the other?

IBM Systems Journal, June 2005, by A. Boulanger

The explosive increase in the number of deployed free and open-source software (FOSS) systems has changed the world of information technology. When the first FOSS systems were developed, many of the users of these early systems were themselves technologists. Moreover, the distribution and use of such FOSS systems was initially limited to academia, research laboratories, and technical user groups. Today, however, FOSS systems are being developed and designed for mass consumption. Most of the businesses on the Internet use FOSS-developed systems, and retail stores such as Wal-Mart are offering to the general public steeply discounted computers that take advantage of FOSS-developed software. As the group of people and organizations that depends on FOSS technologies continues to grow, it becomes increasingly important that FOSS systems be secure and reliable.


Many FOSS systems were originally developed by a loose collaboration of volunteer programmers. The completed systems were then released to the public, and anyone could acquire and use these systems without paying a licensing fee. Free support for these systems was also provided by the volunteer community in the form of mailing lists and Web sites. Currently, however, many FOSS projects are professional efforts in which development is performed by a team of paid programmers, and the system is supported either without charge or through fees and subscriptions. In contrast, traditional proprietary systems are developed by a team of designers, project managers, programmers, technical writers, and quality assurance engineers. The systems they produce undergo design reviews, development progress reports, and formal quality assurance testing. Once completed, these systems are packaged commodities that are sold or licensed to the public for a fee. Support for the software product is usually provided by the developer of the system.

Which model is more reliable in terms of availability and security? Many papers discussing these issues have been published by proponents of each type of software. This paper examines the arguments presented in these published reports as well as the deployment and reliability figures for both open and proprietary systems.

SECURITY AND RELIABILITY CONSIDERATIONS FOR FOSS AND PROPRIETARY SYSTEMS

The security and reliability of FOSS-based systems are currently topics of an often heated debate. Proprietary vendors are funding, producing, and publishing reports supporting the position that closed-source proprietary systems offer superior security relative to their FOSS counterparts. For every report that is published claiming the superior security of proprietary systems, the FOSS community responds with a report refuting these claims.

Perhaps a significant reason for this heated debate is the fact that widespread adoption of the FOSS model would directly threaten the revenue stream of vendors of proprietary software. In several recent 10-Q quarterly filings with the Securities and Exchange Commission, Microsoft, one of the world's largest software publishers, has stated that the popularization and adoption of FOSS systems pose a significant challenge to its business model. (1) It is not surprising then that proprietary software vendors are on the offensive, attempting to discredit FOSS-developed systems.

Arguments about the relative security and reliability of FOSS and proprietary software typically focus on two key issues: availability of source code and software defect levels. We discuss these issues in the following sections.

Availability of source code

In June 2002, the white paper "Opening the Open Source Debate" (2) was released by the Alexis de Tocqueville Institution, an organization funded in part by Microsoft. Among its most controversial findings was that "Open source GPL [General Public License] use by government agencies could easily become a national security concern. Government use of software in the public domain is exceptionally risky." The basis for this assertion is the assumption that publicly available source code invites "hackers" (3) to examine the code in order first to search for exploitable vulnerabilities and then to develop and deploy Trojan horses and other types of malicious software. Therefore, the study concludes that the availability of source code is a significant security threat to government organizations using FOSS.

There are several problems with this assertion. It is inferred that closed-source proprietary systems are automatically more secure than their FOSS counterparts, a "security through obscurity" approach. If this assertion were true, then the number and rate of published vulnerability reports for closed-source systems should be significantly lower than those of their FOSS equivalents.

However, the available data does not support this assertion. In fact, many FOSS systems have substantially lower rates of published vulnerabilities than their closed-source counterparts. For example, a recent report (4) showed that Apache **, a