Small projects using the cathedral model: does open-source lower security?
Posted
by
Anto
on Programmers
See other posts from Programmers
or by Anto
Published on 2011-02-25T16:24:32Z
Indexed on
2011/02/25
23:33 UTC
Read the original article
Hit count: 453
We know of Linus' law:
With enough eyeballs all bugs are shallow
In general, people seem to say that open-source software is more secure because of that very thing, but...
There are many small OSS projects with just 1 or 2 developers (the cathedral model, as described by ESR). For these projects, does releasing the source-code actually lower the security? For projects like the Linux kernel there are thousands of developers and security vulnerabilities are quite likely going to be found, but when just some few people look through the source code, while allowing crackers (black hat hackers) to see the source as well, is the security lowered instead of increased?
I know that the security advantage closed-source software has over OSS is security through obscurity, which isn't good (at all), but it could help to some degree, at least by giving those few devs some more time (security through obscurity doesn't help with the if but with the when).
EDIT: The question isn't whether OSS is more secure than non-OSS software but if the advantages for crackers are greater than the advantages for the developers who want to prevent security vulnerabilities from being exploited.
© Programmers or respective owner