Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Development
    • Development

    eWeek Labs: Open Source Quicker at Fixing Flaws

    By
    Jim Rapoza
    -
    September 30, 2002
    Share
    Facebook
    Twitter
    Linkedin

      The real question for it organizations isnt whether open-source software is more secure than proprietary software but which type of software is fixed fastest.

      Humans code both open-source and proprietary software, which means that mistakes will be made, and the resulting holes need to be reported and closed. Right now, open source has it all over proprietary software when it comes to owning up to and resolving problems.

      Recent history provides striking examples of the approaches open-source and proprietary software vendors take to fixing security problems.

      Two key open-source applications were hit recently by serious security problems.

      In June, a flaw was found in the popular, historically secure Apache Web server that made it possible to remotely exploit code on a vulnerable system. And just this month, the Slapper worm spread to thousands of systems by taking advantage of a hole in the OpenSSL program.

      These were serious problems, and in both cases, the developers of the programs responded quickly. The Apache Software Foundation made a patch available two days after the Web server hole was announced. In the case of OpenSSL, a patch was available the day the flaw was announced.

      Compare this with how security problems were handled recently in the proprietary world.

      A serious flaw was found in Windows XP recently that made it possible to delete files on a system using a single URL. Microsoft Corp. quietly fixed this problem in Windows XP Service Pack 1, without notifying users of the problem.

      A more direct comparison can be seen in how Microsoft and the KDE Project responded to an SSL (Secure Sockets Layer) vulnerability that made the Internet Explorer and Konqueror browsers, respectively, potential tools for stealing, among other things, credit card information.

      The day the SSL vulnerability was announced, KDE provided a patch. Later that week, Microsoft posted a memo on its TechNet site basically downplaying the problem.

      Of course, there have been open-source problems that werent patched quickly. And software vendors, including Microsoft, often respond quite quickly to security holes.

      But, in general, open-source organizations react quickly and openly to problems while software vendors instinctively cover up, deny and delay. In addition, open-source organizations almost always fix vulnerabilities with small, focused patches, thus limiting unanticipated side effects. Vendors such as Microsoft, on the other hand, tend to provide multiple patches and fixes all rolled up into service packs, which are notorious for creating new problems while fixing old ones.

      In the end, it comes down to motivation. For open-source developers, the most important thing is credibility, which means taking problems seriously. Most proprietary software vendors, on the other hand, say that features come before security and seem to believe that it is better to sweep a problem under the rug than to admit a mistake openly.

      Avatar
      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×