Chapter 24. Open Source Security: A Red Herring
If you’re reading this book, there’s a good chance you’re at least familiar with the open source software movement. Lots of people, from students to professionals working part-time, write free software that anybody else can take and modify, if they so desire. A surprising number of large companies make major contributions to open source software, including giant IBM. Many important pieces of software are open source, including Apache, which is the number-one web server platform (about half the websites on the Internet use Apache).
About a decade ago, a guy named Eric S. Raymond started evangelizing open source outside the world of the super geeks, into the corporate world, governments, and so on. One of the claims he made was that open source software was more secure than closed source software because of the “many eyeballs” theory. He believed that, because the source is freely available, lots of people will look for security flaws in it in a way that isn’t going to happen in the commercial world.
That argument is BS, and I have said so pretty loudly throughout the past decade.
Don’t get me wrong—I love open source software! But, typically, when I write an article on this topic, people will say something like, “Clearly you don’t know anything about open source, because if you did, you would realize it is just so much better than commercial software!” Then I mention that I’ve written a lot of open source software, including Mailman, the ...
Get The Myths of Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.