
Is open source to blame for the Heartbleed bug?

Tony Bradley | April 10, 2014
By now you've likely heard about the Heartbleed bug, a critical vulnerability that exposes potentially millions of passwords to attack and undermines the very security of the Internet. Because the flaw exists in OpenSSL--which is an open source implementation of SSL encryption--many will question whether the nature of open source development is in some way at fault. I touched base with security experts to get their thoughts.

The truth is that insecure code is not an open source vs. closed source debate. In spite of much tighter control of software development and management of source code, crucial security flaws are still frequently discovered in commercial software that customers pay a lot of money for.

"Finger pointing at the open source development communities or persons or processes isn't going to fix the problem," notes Andrew Storms, senior director of DevOps for CloudPassage. "Open source software along with commercial software will always have bugs."

So, while it's natural to look for a scapegoat for a flaw of this magnitude, it would be foolish to dismiss the many benefits of open source in the name of security.

 
