By Richard Thurston
Posted on ZDNet News: Oct 26, 2006 5:54:00 PM

Alan Cox, one of the most respected figures in the U.K. open-source community, has warned about complacency over the security of open-source projects.

Speaking to delegates at London's LinuxWorld conference on Wednesday, he emphasized that considerable sums of money were being spent in attempting to hack into open-source systems.

And he cautioned that many open-source projects were far from secure.

Photo: Alan Cox, Linux developer

"There is a lot of money going into security, but the situation is worse, because there is a lot of money going into breaking security. People are being paid to work breaking down software systems," Cox, who is employed by Linux seller Red Hat, told delegates.

"Things appear in the media, like 'open-source software is more secure, more reliable and there are less bugs.' Those are very dangerous statements," Cox said.

Cox said that such analysis looks only at well-known projects. An analysis of 150 projects from SourceForge, a repository for open-source code, would not result in the same high marks that the Linux kernel would get, he noted. "High-quality only applies to some projects--those with good code review and those with good authors," Cox said.

"The debate of Microsoft saying 'Look how secure we are' versus Linux saying 'We're more secure' is not looking at the important points," he added.

Cox, who has been closely involved with the development of the Linux kernel for many years, also took the opportunity to take a swing at a newly launched project that promises to measure the quality of open-source code.

The Software Quality Observatory for Open Source Software (SQO-OSS), funded by the European Commission, was launched on Monday. Cox told delegates that metrics must not become targets.

"It is good to build metrics, and SQO-OSS has great potential," he said. "But there are problems with this, and there are risks associated with that kind of methodology.

"If you are working with metrics and you have 14 bugs, you fix the 13 easy ones, and the one hard one can wait. That happens in the security world, but it becomes inefficient."
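As an added illustration of the "metrics must not become targets" point (this is not code from the article or from Alan Cox; the backlog, the 1-to-10 severity scale, the effort figures and the two triage strategies are constructed assumptions), the following Python gives two triage strategies the same effort budget over a backlog of 13 easy bugs and one hard critical bug, then reports what a "bugs fixed" count says next to what the worst bug still open says.

```python
"""
Bug-backlog triage: a raw 'bugs fixed' count rewards the wrong work.

Added illustration, not from the ZDNet article. The backlog is constructed
to mirror the scenario in the quote: 13 cheap low-impact bugs and one
expensive critical one. Both strategies get an identical effort budget.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Bug:
    bug_id: str
    severity: int  # assumed scale: 1 (cosmetic) .. 10 (remote code execution)
    effort: int    # assumed engineer-days needed to fix


# Constructed backlog: 13 easy low-severity bugs plus one hard critical bug.
BACKLOG = [Bug(f"BUG-{i:02d}", severity=2, effort=1) for i in range(1, 14)]
BACKLOG.append(Bug("BUG-14", severity=10, effort=10))


def plan(backlog, budget_days, key):
    """Greedily take bugs in 'key' order until the effort budget is spent."""
    fixed, remaining = [], budget_days
    for bug in sorted(backlog, key=key):
        if bug.effort <= remaining:
            fixed.append(bug)
            remaining -= bug.effort
    return fixed


def easy_first(backlog, budget_days):
    """Optimises the count metric: cheapest bugs first."""
    return plan(backlog, budget_days, key=lambda b: b.effort)


def risk_first(backlog, budget_days):
    """Optimises exposure: most severe bug first, whatever it costs."""
    return plan(backlog, budget_days, key=lambda b: -b.severity)


def worst_open_severity(backlog, fixed):
    """Exposure measure: the system is as exposed as its worst open bug."""
    open_bugs = [b for b in backlog if b not in fixed]
    return max((b.severity for b in open_bugs), default=0)


def compare(backlog, budget_days):
    """Return {strategy: {'bugs_fixed': n, 'worst_open_severity': s}}."""
    report = {}
    for name, strategy in (("easy_first", easy_first), ("risk_first", risk_first)):
        fixed = strategy(backlog, budget_days)
        report[name] = {
            "bugs_fixed": len(fixed),
            "worst_open_severity": worst_open_severity(backlog, fixed),
        }
    return report


if __name__ == "__main__":
    # 13 engineer-days: enough for all the easy bugs, or the hard one plus a few.
    for name, metrics in compare(BACKLOG, 13).items():
        print(f"{name:<11} bugs_fixed={metrics['bugs_fixed']:>2} "
              f"worst_open_severity={metrics['worst_open_severity']}")
```

With a 13-day budget the count metric reports 13 fixes for easy-first and only 4 for risk-first, yet easy-first leaves a severity-10 bug open while risk-first leaves nothing worse than severity 2. Whichever metric a team is measured on is the one the triage will end up optimising, which is the risk Cox describes.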

Richard Thurston reported for ZDNet UK in London.
