Does open source improve system security?

被引:25
|
作者
Witten, B
Landwehr, C
Caloyannides, M
机构
[1] DARPA, ATOO, Arlington, VA 22203 USA
[2] Mitretek Syst, Mclean, VA 22102 USA
来源
IEEE SOFTWARE | 2001年 / 18卷 / 05期
关键词
Algorithms - Computer system firewalls - Computer system recovery - Cryptography - Internet - [!text type='Java']Java[!/text] programming language - Portals - Program compilers - Security of data - UNIX;
D O I
10.1109/52.951496
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
By guarding their source code, most soft-ware producers make it hard for an outsider to help improve system security. But because attackers can also examine public source code to find flaws, is source code access a net gain or loss for security? The question goes beyond technical issues: publishing source code reveals intellectual property and therefore affects the producer's business model. This article considers this question from several perspectives and tentatively concludes that making source code available should, on balance, work in favor of system security.
引用
收藏
页码:57 / +
页数:6
相关论文
共 50 条
  • [21] Discovering Vulnerabilities and Patches for Open Source Security
    Gunkel, Tamara
    Hupperich, Thomas
    PROCEEDINGS OF THE 17TH INTERNATIONAL CONFERENCE ON SOFTWARE TECHNOLOGIES (ICSOFT), 2022, : 641 - 648
  • [22] A Survey on Network Security Tools for Open Source
    Mandal, Nabanita
    Jadhav, Sonali
    2016 IEEE International Conference on Current Trends in Advanced Computing (ICCTAC), 2016,
  • [23] Open Source Supply Chain Security at Google
    Cox, Russ
    PROCEEDINGS OF THE 2023 WORKSHOP ON SOFTWARE SUPPLY CHAIN OFFENSIVE RESEARCH AND ECOSYSTEM DEFENSES, SCORED 2023, 2023, : 3 - 3
  • [24] Trusting strangers - Open source software and security
    Landwehr, CE
    BUILDING THE INFORMATION SOCIETY, 2004, 156 : 679 - 683
  • [25] Open source security-still a myth
    Vieg, John
    Database and Network Journal, 2004, 35 (06): : 15 - 17
  • [26] Security Analysis in Open Source Linux Network
    Mishra, Mukesh Kumar
    Goyal, Dinesh
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2014, 14 (08): : 68 - 72
  • [27] Enforcing security policies in open source JVM
    Wei, Da
    Jin, Ying
    Zhang, Jing
    Zheng, Xiao-Juan
    Li, Zhuo
    Tien Tzu Hsueh Pao/Acta Electronica Sinica, 2009, 37 (SUPPL.): : 36 - 41
  • [28] Web Server Security on Open Source Environments
    Gkoutzelis, Dimitrios X.
    Sardis, Manolis S.
    NEXT GENERATION SOCIETY: TECHNOLOGICAL AND LEGAL ISSUES, 2010, 26 : 236 - +
  • [29] Removing a false sense of (open source) security
    Williams J.
    Computer Fraud and Security, 2020, 2020 (06): : 8 - 10
  • [30] Open system security standards
    Reitenspiess, Manfred
    Computers and Security, 1993, 12 (04): : 341 - 361
12345