Förderverein Informationstechnik und Gesellschaft
Closed source is more secure -- MS
By: Kevin Poulsen
Posted: 13/04/2001 at 08:27 GMT
The head of Microsoft's security response team argued here Thursday that closed source software is more secure than open source projects, in part because nobody's reviewing open source code for security flaws.
"Review is boring and time consuming, and it's hard," said Steve Lipner, manager of Microsoft's security response center. "Simply putting the source code out there and telling folks 'here it is' doesn't provide any assurance or degree of likelihood that the review will occur."
The comments, delivered at the 2001 RSA Conference, were a challenge to one of the tenets of open source, that 'with many eyes, all bugs are shallow.'
Lipner closed by warning that the nature of open source development may lend itself to abuse by malicious coders, who could insert devilishly clever 'trapdoors' in the code that escape detection, hidden in plain sight.