Open vs. closed: which source is more secure?

Title: Open vs. closed: which source is more secure?
Publication Type: Journal Article
Year of Publication: 2007
Authors: Ford, R
Secondary Title: Queue

There is no better way to start an argument among a group of developers than proclaiming Operating System A to be “more secure” than Operating System B. I know this from first-hand experience, as previous papers I have published on this topic have led to reams of heated e-mails directed at me—including some that were, quite literally, physically threatening. Despite the heat (not light!) generated from attempting to investigate the relative security of different software projects, investigate we must.

Understanding why products are (and are not) secure is a critical stepping stone toward building better software.

Before wading into these dangerous waters, we should clarify the question. All too often when comparing open and closed source approaches, the question is unconsciously interpreted as Windows versus Linux. While that’s a fantastic question to knock around, doing so is a very narrow way of looking at the world, as it ignores many other projects in both the open and closed source worlds. Although it’s foolish to ignore the data points the Windows/Linux world provides, they are simply examples of the process. So, let us first strip away the misconception that the question is about these particular platforms and recognize its real breadth.

With this in mind, our answer requires three crucial definitions in order to have meaning: “What is open source?”; “What is closed source?”; and, surprisingly, “What is security?” The first two we can deal with quickly; the third is a lot subtler, however, so we shall tackle it first.
