Open source: does transparency lead to security?

A recent report criticising the security of open source software, and a flame war among Linux developers, have cast some doubts on whether open source software can achieve a sufficiently high level of security. Yet others believe that the principles of transparency and community involvement actually contribute to higher levels of software quality, including security, than can be achieved in the closed world of proprietary software. It's an important issue as open source projects continue their inroads into mainstream, enterprise solutions. Steve Mansfield-Devine examines the arguments and touches on the efforts being made to develop best practices, methodologies and tools to ensure security in open source software. Debates about open source software quickly develop a religious dimension. And nothing is more likely to set off an argument of inquisitional proportions than accusations of shortcomings in an area as important as security. Two recent events highlighted the issue of the security of open source software (OSS): one was a report claiming that open source developers are failing to achieve the necessary standards. The other was a suggestion that Linux kernel developers may have tried to cover up security vulnerabilities. However, when it comes to ensuring the quality of software from a security standpoint, is there really any difference between open source and closed source? © 2008 Elsevier Ltd. All rights reserved.