Counting from Zero by Alan B. Johnston Page B
Authors: Alan B. Johnston
long, but hopefully now we're all on the same page.
Normally, when you buy or install computer software, you are using the binary or executable code. You can't actually see what the computer is doing just by looking at it - you can only observe it by running it and seeing what happens. Much of computer software is closed source - that is, the source code is kept a secret. Only people working for the company that created or owns the source code are able to inspect and fix the code.
Open source is the opposite - the source code is freely available for anyone to inspect and examine - usually published on the Internet. In fact, open source is considered 'free' software, sometimes explained as 'free as in speech, not as in beer'. That means that companies can charge money for open source software, but they can't keep the source code secret. Just as free speech allows anyone to express his or her opinion and add to a discussion, anyone can take an open source program, modify it and change it. Only, per the terms of the open source license, they must also publish the changes and alterations they made to the software.
Now, having secret source code might sound great when it comes to software security. After all, bad guys can't look through the code and find the weak points and places where they can try to crash or take over the computer. While it is possible to ‘reverse engineer’ some binaries to get an idea of the source code, the legality of doing this on closed source software is not clear, so only the bad guys do it. Any sufficiently complex piece of software (and today’s software is hugely complex) will have weaknesses and bugs, and bad guys will find them, by trial and error if nothing else. When found, they can then launch attacks using it.
Once these attacks are launched and security experts analyze them, the software will need to be fixed or patched. But only people working at that company can do this, as only they can see and change the source code. Everyone using the software is vulnerable until they fix the bug. Sometimes this can take weeks or even months!
Now, let’s compare this to open source. In an open source project, many programmers and software engineers are able to look over the code. Security researchers from all over the world are able to search for vulnerabilities and possible attacks. When they are found, any programmer can write and upload a patch to fix it. With more eyes on the code, more bugs and potential attacks are found before the bad guys can find them. When an attack happens, open source programmers will immediately analyze the attack and anyone can write the patch and fix it. As a result, in many cases, security holes can be closed more quickly with open source than with closed source software.
The open source software movement is a closely-knit community on the Internet today, encompassing both volunteers and companies. I am proud to be a part of it.
So, you can make up your mind, raptors4ever, which is more secure: closed source or open source? You can probably guess where I stand on this...
-> Your question not answered this week? Argue for your vote on the Shameless Plugging area of our discussion forum.
Chapter C.
Mick O'Malley – greatly appreciates his friends standing by him over the past few days. He can't put into words what it means to him. And rest assured, he will find out who is responsible for this! (19 comments)
Mick left LeydenTech early the next afternoon to take a break and clear his thoughts. His private key compromise had left him feeling off balance, and he felt strangely vulnerable, as if anything might happen to him at any time. He recognized the feeling as illogical, as he had already changed all his passwords and was using a new private key, but the feeling remained.
With his trip to Hiroshima fresh in his mind, Mick
Normally, when you buy or install computer software, you are using the binary or executable code. You can't actually see what the computer is doing just by looking at it - you can only observe it by running it and seeing what happens. Much of computer software is closed source - that is, the source code is kept a secret. Only people working for the company that created or owns the source code are able to inspect and fix the code.
Open source is the opposite - the source code is freely available for anyone to inspect and examine - usually published on the Internet. In fact, open source is considered 'free' software, sometimes explained as 'free as in speech, not as in beer'. That means that companies can charge money for open source software, but they can't keep the source code secret. Just as free speech allows anyone to express his or her opinion and add to a discussion, anyone can take an open source program, modify it and change it. Only, per the terms of the open source license, they must also publish the changes and alterations they made to the software.
Now, having secret source code might sound great when it comes to software security. After all, bad guys can't look through the code and find the weak points and places where they can try to crash or take over the computer. While it is possible to ‘reverse engineer’ some binaries to get an idea of the source code, the legality of doing this on closed source software is not clear, so only the bad guys do it. Any sufficiently complex piece of software (and today’s software is hugely complex) will have weaknesses and bugs, and bad guys will find them, by trial and error if nothing else. When found, they can then launch attacks using it.
Once these attacks are launched and security experts analyze them, the software will need to be fixed or patched. But only people working at that company can do this, as only they can see and change the source code. Everyone using the software is vulnerable until they fix the bug. Sometimes this can take weeks or even months!
Now, let’s compare this to open source. In an open source project, many programmers and software engineers are able to look over the code. Security researchers from all over the world are able to search for vulnerabilities and possible attacks. When they are found, any programmer can write and upload a patch to fix it. With more eyes on the code, more bugs and potential attacks are found before the bad guys can find them. When an attack happens, open source programmers will immediately analyze the attack and anyone can write the patch and fix it. As a result, in many cases, security holes can be closed more quickly with open source than with closed source software.
The open source software movement is a closely-knit community on the Internet today, encompassing both volunteers and companies. I am proud to be a part of it.
So, you can make up your mind, raptors4ever, which is more secure: closed source or open source? You can probably guess where I stand on this...
-> Your question not answered this week? Argue for your vote on the Shameless Plugging area of our discussion forum.
Chapter C.
Mick O'Malley – greatly appreciates his friends standing by him over the past few days. He can't put into words what it means to him. And rest assured, he will find out who is responsible for this! (19 comments)
Mick left LeydenTech early the next afternoon to take a break and clear his thoughts. His private key compromise had left him feeling off balance, and he felt strangely vulnerable, as if anything might happen to him at any time. He recognized the feeling as illogical, as he had already changed all his passwords and was using a new private key, but the feeling remained.
With his trip to Hiroshima fresh in his mind, Mick
Similar Books
Departure
Howard Fast
Loving War
C.M. Owens
A Colony on Mars
Cliff Roehr
InkintheBlood
Chandra Ryan
The Sheik and the Virgin Princess
Susan Mallery
Noctuidae
Scott Nicolay
It Had Been Years
Michael Malflic
Spanked by the Billionaire
Ava Joy
The Maze Runner
James Dashner
Solitude Creek
Jeffery Deaver