Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Open source code contains fewer defects, but there's a catch

Paul Rubens | Nov. 19, 2014
Research suggests that software developed using open source code contains fewer defects than that built with proprietary code. The catch is that open source code rarely benefits from security teams specifically tasked with looking for bugs.

For businesses that decide to use open source code from projects that may not have the resources to devote to security, there's always the option to have the code audited by a suitably qualified person or team.

Such audits can be expensive and time-consuming, though, so it could be that large companies or even industry groups end up funding these projects for the benefit of the wider community of users. Alternatively, crowd-funding audits -- in the way that the TrueCrypt audit has been funded since it shut down in May -- may become increasingly common.

When it comes to the core open source projects, such as OpenSSL, which make up much of the software infrastructure on which the Internet operates, the Linux Foundation's Core Infrastructure Initiative may make a significant difference. Funded by the likes of Microsoft, IBM, Google and Dell, it aims to provide resources to assist these projects in improving their security and paying for outside code reviews.

Confidence in open source software has certainly taken a hit over the last several months -- but, in the end, it's worth remembering that all software can be found to contain code defects. What's more, there's certainly no evidence that software developed using the open source model is more likely to contain serious defects that any other type of software.


Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.