[PLUG] security myths
Steve Bonds
1s7k8uhcd001 at sneakemail.com
Tue Oct 21 13:17:02 UTC 2003
On Tue, 21 Oct 2003, Mike Neal miken-at-hotsushi.com |PDX Linux| wrote:

> Any links to articles debunking the notion Open Source is less secure
> because hackers can see the source code? I need an "Authority" to point
> to.

http://slashdot.org/interviews/99/10/29/0832246.shtml

This is an interview with Bruce Schneier, arguably among the top experts
in computer security. In the answer to the first question he discusses
the need for deep public review of security.

Also, in his book "Secrets and Lies", in several places he discusses
explicitly how Open Source software is more secure because of the peer
review by security experts that can happen. He also is careful to caution
that just because it's Open Source doesn't mean that the peer review *has*
happened, and such products will be less secure as a result.

I don't have the book handy so I can't quote sections.

This link from IBM also discusses this topic and provides a lot of the
same advice:

http://www-106.ibm.com/developerworks/linux/library/l-oss.html

-- Steve