Is open source software more secure? To most Linux enthusiasts, the answer is obvious: open source means more people looking for bugs and faster dissemination of bug fixes. Obviously, yes. But noted security expert Gene Spafford says that this may not necessarily be true. According to the Purdue professor of computer science and co-author of Practical Unix & Internet Security, good security begins with good design, and neither Windows nor Linux has much to brag about in that category. And while you might not agree with Spaf's assessment of the strengths of open source, you have to admit that he knows a thing or two about computer security. He's the director of Purdue's Center for Education and Research in Information Assurance and Security, and has advised a wide variety of organizations on computer security, including CERT, the FBI, the Secret Service, and the Air Force.

LP: You've been a vocal critic of both Windows and Linux's security design. What's the problem with Linux?

Spafford: Windows is awful, but well, so is Linux. Neither presents an environment that your average business user or government user or home user is able to install and use out of the box without worries. And in fact, if you look at your typical Linux distributions, with all of these tools and extra drivers and everything that's thrown on, a lot of that is programmed by people without training, without careful thought, and without careful design.

That's not the argument for the kernel. The kernel is rather tightly controlled by a small group who do have expertise.

The link for this article located at LinuxPlanet is no longer available.