Red Hat's Cox warns on open source security

Richard Thurston ZDNet.co.uk

Published: 26 Oct 2006 12:20 BST

Alan Cox, one of the most respected figures in the UK open source community, has warned of complacency over the security of open source projects.

Speaking to delegates at London's LinuxWorld conference on Wednesday, he emphasised that considerable sums of money were being spent on attempts to break into open source systems.

And he cautioned that many open source projects were far from secure.

"There is a lot of money going into security, but the situation is worse because there is a lot of money going into breaking security. People are being paid to work, breaking down software systems," Cox, who is employed by Red Hat, told delegates.

"Things appear in the media like open source software is more secure, more reliable and there are less bugs. Those are very dangerous statements," Cox said.

"That analysis just looks at well-known projects. If you take 150 projects from SourceForge [a repository for open source code], you do not get the same marks as you would with the Linux kernel. The debate of Microsoft saying 'Look how secure we are' versus Linux saying, 'We're more secure' is not looking at the important points.

"High quality only applies to some projects — those with good code review and those with good authors," Cox added.

Cox, who has been closely involved with the development of the Linux kernel for many years, also took the opportunity to take a pop at a newly launched project which promises to measure the quality of open source code.

The Software Quality Observatory for Open Source Software (SQO-OSS) is funded by the European Commission and it launched on Monday. Cox told delegates that metrics must not become targets.

"It is good to build metrics, and SQO-OSS has great potential," he said. "But there are problems with this and there are risks associated with that kind of methodology.

"If you are working with metrics and you have 14 bugs, you fix the 13 easy ones, and the one hard one can wait. That happens in the security world, but it becomes inefficient."

LinuxWorld is running at London's Olympia conference centre until Thursday.