The ability to access the code of open-source applications may give attackers an edge in developing exploits for the software, according to a paper analyzing two years' worth of attack data. The paper, to be presented this week at the Workshop on the Economics of Information Security, correlated 400 million alerts from intrusion detection systems with known attributes of the targeted software and vulnerabilities.
The data supports the assertion that flaws in open-source software tend to be attacked more quickly and more often than vulnerabilities in closed-source software, says Sam Ransbotham, assistant professor at Boston College's Carroll School of Management and the author of the paper.

Using nonlinear regression and other models, Ransbotham found that attacks on vulnerabilities in open-source software occurred three days sooner and with nearly 50 percent greater frequency. Ransbotham argues that knowledge of how to exploit a particular vulnerability spreads similar to the diffusion of technological innovation.

The link for this article located at Technology Review is no longer available.