Free Republic

Study: Open source poses security risks
ZDNet ^ | May 31, 2002, 9:30 AM PT | Matthew Broersma

Posted on 05/31/2002 3:15:28 PM PDT by Bush2000

A conservative U.S. think tank suggests in an upcoming report that open-source software is inherently less secure than proprietary software, and warns governments against relying on it for national security.

The white paper, Opening the Open Source Debate, from the Alexis de Tocqueville Institution (ADTI) will suggest that open source opens the gates to hackers and terrorists.

"Terrorists trying to hack or disrupt U.S. computer networks might find it easier if the federal government attempts to switch to 'open source' as some groups propose," ADTI said in a statement released ahead of the report.

Open-source software is freely available for distribution and modification, as long as the modified software is itself available under open-source terms. The Linux operating system is the best-known example of open source, having become popular in the Web server market because of its stability and low cost.

Many researchers have also suggested that since a large community contributes to and scrutinizes open-source code, security holes are less likely to occur than in proprietary software, and can be caught and fixed more quickly.

The ADTI white paper, to be released next week, will take the opposite line, outlining "how open source might facilitate efforts to disrupt or sabotage electronic commerce, air traffic control or even sensitive surveillance systems," the institute said.

"Computer systems are the backbone to U.S. national security," said ADTI Chairman Gregory Fossedal. "Before the Pentagon and other federal agencies make uninformed decisions to alter the very foundation of computer security, they should study the potential consequences carefully."


TOPICS: Business/Economy; Technical
KEYWORDS: opensource
To: Bush2000
"MS Windows source code is available under license. This is not surprising since the DoD, NSA, and other similar agencies require access to source code. Have a nice day."

Okay... But you can freely download open source off the net without signing some stupid license agreement and probably in the case of Microsoft, forking over a chunk of change. Thus, more people look at Open source code than Microsoft code. Have a nice day yourself.

161 posted on 06/03/2002 7:17:00 PM PDT by Crispy
[ To 142 ]

To: Bush2000
"There are people out there who believe that open source security will save their asses. That's an awfully big check to write..."

There are people out there who believe that Microsoft security will save their asses. That's a friggin huge check to write...

162 posted on 06/03/2002 7:20:41 PM PDT by Crispy
[ To 156 ]

To: Crispy
Okay... But you can freely download open source off the net without signing some stupid license agreement and probably in the case of Microsoft, forking over a chunk of change.

The original issue was availability of source code to government agencies such as the FBI, DOD, CIA, etc., not a bunch of teen hackers. MS has met that burden.
163 posted on 06/04/2002 8:13:01 AM PDT by Bush2000
[ To 161 ]

To: Crispy
There are people out there who believe that Microsoft security will save their asses. That's a friggin huge check to write...

Which is a good caveat: Nobody should take security for granted on any platform.
164 posted on 06/04/2002 8:13:35 AM PDT by Bush2000
[ To 162 ]

To: mikenola
"Cyberterrorism" is an overplayed threat, imo. Fortunately our enemies tend to be primitivists with little education or love for technology. The possibility of these yoyos mounting an orchestrated attack of a magnitude to do serious damage to national security is probably pretty remote.

On one hand, I agree with your assertion that the chances of this happening are remote due to their lack of sophistication in using technology. But on the other hand, let's not forget that some Muslims like bin Laden are men of means. In other words, what's preventing him from hiring European hackers who are anti-American and paying them untold amounts of money?

Money talks; BS runs a marathon.

165 posted on 06/04/2002 1:25:21 PM PDT by rdb3
[ To 39 ]

To: Poohbah
The biggest issue with open source is the erratic configuration management. It ranges from outstanding to abysmal, and since CM is a joint effort between the development team and the end user, it has LOTS of opportunity to break down.

Based on various security notices, that seems to be a widespread problem, regardless of source type.

166 posted on 06/10/2002 7:51:08 PM PDT by bobwoodard
[ To 44 ]

To: Bush2000
Now that the paper has been posted, what's your take?
167 posted on 06/10/2002 7:53:12 PM PDT by bobwoodard
[ To 1 ]

To: Bush2000
That's the point, bob: Until the paper is released, none of the ABM *nix trolls should be making accusations; otherwise, they're a bunch of slanderous, lying, sacks of sh*t.

How so? Just because an accusation is made before the paper is published doesn't make it slanderous. Sure, it might turn out that way, but who's to know? As I said before, AdTI seems to have a certain mindset, when it comes to the papers they present.

No, bob. Wrong. If you want to state your opinion, fine. But if you want to assert that opinion as fact, uh uh. No way. Nonsense. Evidence is based on fact. If you don't have evidence, don't bother unless you want to be labeled an idiot.

What are you getting at? Notice the wording in my original post, there is a careful use of 'seem' in my statement. Are you looking for things in my post that aren't there?

But asserting one as "superior" is a religious issue.

That's why it'll be interesting to see where the paper goes.

168 posted on 06/10/2002 8:02:31 PM PDT by bobwoodard
[ To 53 ]

To: bush2000
Updated link to the AdTI paper: here
169 posted on 06/10/2002 8:04:47 PM PDT by bobwoodard
[ To 167 ]

To: Bush2000
The problem was that somebody discovered the key. It's like you left the key to your front door in the lock. That's not breaking the encryption.

True, the Xing key was unencrypted, but the other 169 had to be broken (although I'm sure that was a great deal easier, after the first one was known).

170 posted on 06/10/2002 8:15:45 PM PDT by bobwoodard
[ To 155 ]

To: bobwoodard
How so? Just because an accusation is made before the paper is published doesn't make it slanderous

You will notice, bob, that it is customary to speak in terms of the "alleged offense" or the "suspect" when making unsubstantiated accusations. The presumption of innocence is a component of our legal system and, frankly, there is a fine line between opinion and slander/libel.
171 posted on 06/10/2002 10:02:55 PM PDT by Bush2000
[ To 168 ]

To: bobwoodard
Now that the paper has been posted, what's your take?

All OS platforms have security risks. Open source is no guarantee of quality.
172 posted on 06/10/2002 10:21:24 PM PDT by Bush2000
[ To 167 ]

To: Bush2000
All OS platforms have security risks. Open source is no guarantee of quality.

Very true, but their whole take about how Open Source will hurt the IT industry reminds me of Chicken Little. They spend almost the entire paper on one type of license and brush the prospect of alternative licensing away in a single paragraph. A more proper title would have been: "Opening the Open Source Debate - A Critique of the GPL License"

Here's another take on the paper, which points out some inaccuracies and misunderstandings in the AdTI paper.

173 posted on 06/10/2002 10:49:32 PM PDT by bobwoodard
[ To 172 ]

Comment #174 Removed by Moderator

To: bobwoodard
Very true, but their whole take about how Open Source will hurt the IT industry reminds me of Chicken Little. They spend almost the entire paper on one type of license and brush the prospect of alternative licensing away in a single paragraph. A more proper title would have been:

True, but as cited by the article, the GPL constitutes the vast majority of open source licenses. It therefore makes sense to focus more heavily on the licenses that are most pertinent to open source. By the way, I do agree the truly open licenses like those of BSD are the way to go, not viral IP licenses like GPL.
175 posted on 06/11/2002 12:39:09 PM PDT by Bush2000
[ To 173 ]

To: stillbornagain
The existence of Code Red and Nimda doesn't negate the truth of my statement: All OS platforms have security issues. Focusing on one or two does little to address the fundamental underlying issue.
176 posted on 06/11/2002 12:40:51 PM PDT by Bush2000
[ To 174 ]

Comment #177 Removed by Moderator

To: Bush2000
Here is another interesting analysis of the AdTI paper. This one focuses on the differences between the retracted and final versions of the paper.
178 posted on 06/16/2002 5:47:05 PM PDT by bobwoodard
[ To 1 ]

