Does Open Source Improve System Security?

Authors:
Brian Witten;Carl Landwehr;Michael Caloyannides
Affiliations:
-;-;-
Venue:
IEEE Software
Year:
2001

Citing 7
Cited 9

A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior

IEEE Transactions on Software Engineering
Reflections on trusting trust

Communications of the ACM
Denial-of-Service Attacks Rip the Internet

Computer
News Briefs

Computer
Cryptoanalysis of the Cellular Encryption Algorithm

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Building Diverse Computer Systems

HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7

Securing web application code by static analysis and runtime protection

Proceedings of the 13th international conference on World Wide Web
Increased security through open source

Communications of the ACM - The patent holder's dilemma: buy, sell, or troll?
Open Source Drives Innovation

IEEE Software
Empirical study of the effects of open source adoption on software development economics

Journal of Systems and Software
Open source vs. closed source software: towards measuring security

Proceedings of the 2009 ACM symposium on Applied Computing
A survey on security in JXTA applications

Journal of Systems and Software
Secure open source collaboration: an empirical study of linus' law

Proceedings of the 16th ACM conference on Computer and communications security
Strengthening the empirical analysis of the relationship between Linus' Law and software security

Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement
Organizational social structures for software engineering

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most commercial software producers guard access to the source code of their systems, making it difficult for anyone outside their organizations to apply a variety of measures that could potentially improve system security. But since an attacker could also examine public source code to find flaws, would source code access be a net gain or loss for security? The question goes beyond the technical issues involved because publishing source code reveals intellectual property and therefore affects the producer's business model. We consider this question from several perspectives and tentatively conclude that having source code available should on balance work in favor of system security.