Abstract | The last few years have shown a worldwide rise in the attention for, and
actual use of, open source software (OSS), most notably of the operating
system Linux and various applications running on top of it. Various major
companies and governments are adopting OSS. As a result, there are many
publications concerning its advantages and disadvantages. The ongoing discussions
cover a wide range of topics, such as Windows versus Linux, cost
issues, intellectual property rights, development methods, etc. Here we wish
to focus on security issues surrounding OSS. It has become a reasonably
well-established conviction within the computer security community that
publishing designs and protocols contributes to the security of systems built
on them. But should one go all the way and publish source code as well?
That is the fundamental question that we wish to address in this paper.
|