Does open source improve system security?

被引:25
|
作者
Witten, B
Landwehr, C
Caloyannides, M
机构
[1] DARPA, ATOO, Arlington, VA 22203 USA
[2] Mitretek Syst, Mclean, VA 22102 USA
来源
IEEE SOFTWARE | 2001年 / 18卷 / 05期
关键词
Algorithms - Computer system firewalls - Computer system recovery - Cryptography - Internet - [!text type='Java']Java[!/text] programming language - Portals - Program compilers - Security of data - UNIX;
D O I
10.1109/52.951496
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
By guarding their source code, most soft-ware producers make it hard for an outsider to help improve system security. But because attackers can also examine public source code to find flaws, is source code access a net gain or loss for security? The question goes beyond technical issues: publishing source code reveals intellectual property and therefore affects the producer's business model. This article considers this question from several perspectives and tentatively concludes that making source code available should, on balance, work in favor of system security.
引用
收藏
页码:57 / +
页数:6
相关论文
共 50 条
  • [1] Open source: does transparency lead to security?
    Comput. Fraud Secur., 2008, 9 (11-13):
  • [2] Understanding How the "Open" of Open Source Software (OSS) Will Improve Global Health Security
    Hahn, Erin
    Blazes, David
    Lewis, Sheri
    HEALTH SECURITY, 2016, 14 (01) : 13 - 18
  • [3] Open Source Security Information Management System Supporting IT Security Audit
    Hermanowski, Damian
    2015 IEEE 2ND INTERNATIONAL CONFERENCE ON CYBERNETICS (CYBCONF), 2015, : 336 - 341
  • [4] Extracting Knowledge from Open Source Projects to Improve Program Security
    Nembhard, Fitzroy
    Carvalho, Marco
    Eskridge, Thomas
    IEEE SOUTHEASTCON 2018, 2018,
  • [5] A security evaluation and testing methodology for open source software embedded information security system
    Choi, SJ
    Kang, YH
    Lee, GS
    COMPUTATIONAL SCIENCE AND ITS APPLICATIONS - ICCSA 2005, PT 2, 2005, 3481 : 215 - 224
  • [6] On the security of open source software
    Payne, C
    INFORMATION SYSTEMS JOURNAL, 2002, 12 (01) : 61 - 78
  • [7] Is Open Source Security a Myth?
    Schryen, Guido
    COMMUNICATIONS OF THE ACM, 2011, 54 (05) : 130 - +
  • [8] Security and trust in open source security tokens
    Schink M.
    Wagner A.
    Unterstein F.
    Heyszl J.
    1600, Ruhr-University of Bochum (2021): : 176 - 201
  • [9] Comparative Analysis Of Web Security In Open Source Content Management System
    Patel, Savan K.
    Rathod, V. R.
    Prajapati, Jigna B.
    2013 INTERNATIONAL CONFERENCE ON INTELLIGENT SYSTEMS AND SIGNAL PROCESSING (ISSP), 2013, : 344 - 349
  • [10] Code Analysis for Software and System Security Using Open Source Tools
    Chahar, Chandrapal
    Chauhan, Vishal Singh
    Das, Manik Lal
    INFORMATION SECURITY JOURNAL, 2012, 21 (06): : 346 - 352
12345