Title: Feldman Explains Open Source, I Ponder his Approach
In a multi-part series published in KM World magazine, David Feldman
is explaining Open Source software and the dynamics of the groups who
support it. The developer group organizations are as interesting to
understand (see Bob Wolf reference in Collaboration - Yesterday, Today & Tomorrow - Boston KM Forum) as where open source will make its biggest
mark (open source tools vs. operating systems vs. applications, for
example).
These are good examples and a lens through which to view open vs. closed
source applications. However, when considering security, relative
security that is, other key factors may include the size of the effort,
the number of deployments of the software, and the market's emotional
profile toward the software.
A study by Coverity, described in CNET News.com,
tells us that of 32 open source projects, an average of 0.434 bugs per
1,000 lines of code were found. However, looking only at the LAMP
stack, only 0.29 bugs per 1,000 lines were found. So, it would appear that
larger open source efforts result in higher software quality.
I am looking for a study on security considerations for the various
operating systems. My own experience when in Operations at a Content
Distribution Network provider was that our Linux servers, over 100
distributed globally, were attacked regularly and compromised several
times. By contrast, our Solaris servers were rarely attacked and never compromised.
My presumption is that Linux code is better known and, therefore, more
easily targeted. On the other hand, in the case of Microsoft Windows,
the market profile is such that hackers like to target it and have done
so quite successfully.