Free Republic

Study: Open source poses security risks
ZDNet | May 31, 2002, 9:30 AM PT | Matthew Broersma

Posted on 05/31/2002 3:15:28 PM PDT by Bush2000

A conservative U.S. think tank suggests in an upcoming report that open-source software is inherently less secure than proprietary software, and warns governments against relying on it for national security.

The white paper, Opening the Open Source Debate, from the Alexis de Tocqueville Institution (ADTI) will suggest that open source opens the gates to hackers and terrorists.

"Terrorists trying to hack or disrupt U.S. computer networks might find it easier if the federal government attempts to switch to 'open source' as some groups propose," ADTI said in a statement released ahead of the report.

Open-source software is freely available for distribution and modification, as long as the modified software is itself available under open-source terms. The Linux operating system is the best-known example of open source, having become popular in the Web server market because of its stability and low cost.

Many researchers have also suggested that since a large community contributes to and scrutinizes open-source code, security holes are less likely to occur than in proprietary software, and can be caught and fixed more quickly.

The ADTI white paper, to be released next week, will take the opposite line, outlining "how open source might facilitate efforts to disrupt or sabotage electronic commerce, air traffic control or even sensitive surveillance systems," the institute said.

"Computer systems are the backbone to U.S. national security," said ADTI Chairman Gregory Fossedal. "Before the Pentagon and other federal agencies make uninformed decisions to alter the very foundation of computer security, they should study the potential consequences carefully."


TOPICS: Business/Economy; Technical
KEYWORDS: opensource
To: Nick Danger
The Alexis de Tocqueville Institution, a public policy think tank located in Arlington, Virginia recently completed a study on the impact of the Microsoft Certified Systems Engineer (MCSE) training program.

That's staggering proof, Nick. I had no idea that doing a study on MCSEs couldn't be undertaken by an organization unaffiliated with Microsoft. Thanks for the contribution. But keep trying. Your enthusiasm is almost as pathetic as this latest post.
81 posted on 06/01/2002 4:44:52 PM PDT by Bush2000
[ To 74 ]

To: ThePythonicCow
Their greatest weakness lies in unrealized bugs, which public review can help thwart.

Correct, but there's no evidence that the availability of source code results in fewer bugs.
82 posted on 06/01/2002 4:46:08 PM PDT by Bush2000
[ To 73 ]

To: Dominic Harr
Do a search of threads posted by Mr. Bush2k here. It's a long list of MS press releases.

Help yourself, Harr. The vast majority of posts that I've made come from ZDNet, ComputerWorld, and CNet. I don't think that anybody is going to call ZDNet a public mouthpiece for Microsoft; if anything, it's a near-constant antagonist.
83 posted on 06/01/2002 4:49:25 PM PDT by Bush2000
[ To 63 ]

To: eraser X
I think the above is the important point with respect to national security. Why would anyone that cares about national security promote the idea of releasing all modifications back to the open source community?

Answer: Because they don't care. The FBI, NSA, and other federal agencies would love for citizens and foreign governments to utilize code based on open source because it makes it that much easier to plot exploits.
84 posted on 06/01/2002 4:52:13 PM PDT by Bush2000
[ To 71 ]

To: Bush2000
Fact... Knowing an encryption algorithm and seeing the code DOES NOT make it easier to crack. In fact, many of the best, and most secure, encryption methods are open source, or at least have publicly available code, like Blowfish, RSA, PGP. That was the greatest condemnation of the "clipper chip." The fact that the "powers that be" refused to release either the algorithm or code engendered distrust (with good reason) from the "cypher-punks."

Mark

85 posted on 06/01/2002 4:55:03 PM PDT by MarkL
[ To 1 ]

Comment #86 Removed by Moderator

To: toddhisattva
Open source for a hacker / terrorist is analogous to having the blueprints for Fort Knox, the US attack plan for Iraq, or the schematics on how our missile targeting systems work.

Actually, one of the most "harden-able" systems available in the world is an open-source system, OpenBSD.

Mark

87 posted on 06/01/2002 4:59:28 PM PDT by MarkL
[ To 25 ]

To: MarkL
Fact... Knowing an encryption algorithm and seeing the code DOES NOT make it easier to crack.

I'm not talking about encryption algorithms, Mark. I'm talking about everything else: the web server, the Java virtual machine, the TCP stack, the FTP server, the SQL database server, etc. These components are subject to a wide number of attacks, ranging from buffer overflows to data tampering to SQL injection to cross-site scripting to whatever. And having the source code gives an attacker a leg up on the defender.
88 posted on 06/01/2002 5:03:05 PM PDT by Bush2000
[ To 85 ]

To: MarkL
Actually, one of the most "harden-able" systems available in the world is an open-source system, OpenBSD.

That's an unprovable assertion, Mark, and you know it. While you may claim that anecdotally, it isn't a fact.
89 posted on 06/01/2002 5:05:08 PM PDT by Bush2000
[ To 87 ]

Comment #90 Removed by Moderator

Comment #91 Removed by Moderator

To: Bush2000

Perhaps you recall -- which Operating System is it that the FBI's Magic Lantern is usually presumed to be targeting ... VMS, Ultrix, HPUX, OS/2 Warp, Mac OSX, Netware, Linux, BSD, Hurd, Irix, AIX, SCO, BeOS, MVS, NeXT, ...? No, no, none of those. The name seems to escape me -- I'll bet you know, Bush2000.

92 posted on 06/01/2002 5:25:39 PM PDT by ThePythonicCow
[ To 84 ]

Comment #93 Removed by Moderator

To: MarkL
"In fact, many of the best, and most secure, encryption methods are open source, or at least have publicly available code, like Blowfish, RSA, PGP."

So, you equate "best, and most secure" with "Blowfish, RSA, PGP"? Yeah. That's why the NSA spends billions on new crypto because the commercial market is the best?

94 posted on 06/01/2002 5:33:18 PM PDT by PatrioticAmerican
[ To 85 ]

To: ThePythonicCow
You base your argument on a gross assumption that Magic Lantern targets Windows only? I'd try using facts in this debate, and not more guesswork, presented as facts.
95 posted on 06/01/2002 5:34:49 PM PDT by PatrioticAmerican
[ To 92 ]

To: Dominic Harr
Seems that Bush2000 has now read your description and has decided it's a good plan of action. I wonder if he will go the way of the rest of 'em.
96 posted on 06/01/2002 5:37:07 PM PDT by ThePythonicCow
[ To 66 ]

Comment #97 Removed by Moderator

Comment #98 Removed by Moderator

To: jsr fded
I think it was marked as a reply to 92, as you intended. No problem found.
99 posted on 06/01/2002 5:51:56 PM PDT by ThePythonicCow
[ To 98 ]

Comment #100 Removed by Moderator

