Geek Culture / states must consider OSS

Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 5th Feb 2012 16:28
Anyone else have mixed thoughts about this? I mean it's good that open source has to be considered, but only as long as they don't become necessarily forced to use it. Using OSS has its security risks.

http://yro.slashdot.org/story/12/02/04/2259227/new-hampshire-passes-open-source-bill

"You're not going crazy. You're going sane in a crazy world!" ~Tick
David R
21
Years of Service
User Offline
Joined: 9th Sep 2003
Location: 3.14
Posted: 5th Feb 2012 17:51
Quote: "Using OSS has its security risks. "


Using any software has security risks. If you're implying it's less secure because the source is available then... facepalm is all I can say.

09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0
Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 5th Feb 2012 18:57
Quote: "If you're implying it's less secure because the source is available then... facepalm is all I can say."


It's easier to find exploits in open source software, obviously. Less secure, well that depends on the code itself.


Senior Developer - CBS Interactive Music Group
IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 5th Feb 2012 20:56
Quote: "Anyone else have mixed thoughts about this? ... Using OSS has its security risks."

There are no more risks to using OSS than to using closed source software. I'd actually guess that the risks go the other way though, due to having more eyes on the code - I couldn't prove it either way though, and so far, neither can anyone else.

The big part of this IMO is actually the promotion of open data formats. TBH, I couldn't care less how the data was produced as long as I don't have to buy software I wouldn't otherwise need to access it.

Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 6th Feb 2012 01:44
Quote: "It's easier to find exploits in open source software"

That's sort of why I consider OSS 'possibly' less secure.

"You're not going crazy. You're going sane in a crazy world!" ~Tick
IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 6th Feb 2012 19:54
That's not the only way to look at it. Many eyes on the code could also mean that exploits can be seen and fixed more easily.

As a 'for instance', I offer OpenBSD - certainly one of the most secure popular OSs available.

Daniel TGC
Retired Moderator
18
Years of Service
User Offline
Joined: 19th Feb 2007
Location: TGC
Posted: 6th Feb 2012 21:00
Unlike commercial-ware where you have to rely on the company noticing, caring or having the time to fix discovered flaws, with OSS you can hire a developer to plug the hole yourself. For any truly security conscious company, wouldn't that be a massive boon?
kaedroho
17
Years of Service
User Offline
Joined: 21st Aug 2007
Location: Oxford,UK
Posted: 6th Feb 2012 21:34 Edited at: 6th Feb 2012 21:46
OSS has fewer security problems than closed source software. This is because hackers are able to view the source code and find holes. Most hackers are white hat hackers and will submit a patch if they find a hole.

Most closed source software relies on the fact that their software is closed source for their security. This is not security, this is obscurity. Recently some code from a piece of Symantec software was leaked and many holes were found.

OSS developers care a lot more about security than closed source developers. This is mainly because they know that the world will be able to see their code and they do not want any holes to be discovered.

Another thing is that a lot of OSS code is shared. This makes security holes much less likely as the developer doesn't have to develop as much. Let's take SSL for example. If every program in the OSS world had to write their own implementation of SSL, you will find some implementations will have security holes. If an expert in SSL developed an SSL library (like OpenSSL) and the developers used it, security holes will be much less likely to pop up. If they did find a hole in the SSL library, it only has to be fixed in one place. Eventually, you end up with a rock solid security library which anyone can use so they don't have to make their own implementation and risk creating security holes. Most open source programs are built from other people's code and I bet in many cases, most of the code in a piece of open source software was actually developed for a different project.

Another reason why closed source software is less secure is the fact that it's closed source software. It could be doing anything! You find that people often do security audits of open source software to find security holes and to make sure the developer is behaving and not harming the user's PC or sending any data without authorisation. Microsoft have the power to load any program they wish on to anyone's PC without permission and without telling them what it does through a little tool called "Windows Update".
Imhoptep
16
Years of Service
User Offline
Joined: 16th Jun 2008
Location:
Posted: 7th Feb 2012 14:34
Wish they would give more consideration to OSS software in our education system over here. Being primarily a Linux user it can be quite difficult when a college or a school targets the work at packages like MS Office, they will teach you an MS specific method of doing something when there is a perfectly reasonable alternative method that will work for most word processors or spreadsheet packages and will also make the skills learned more versatile. Unfortunately, since most state organisations over here have some sort of Microsoft partnership I don't see that happening any time soon.
data 98junkiee
20
Years of Service
User Offline
Joined: 19th Jan 2005
Location: England
Posted: 7th Feb 2012 14:53
I think since open source software has come of age and has proven itself to be at least comparable to proprietary software that states and governments should give it a very good amount of consideration, even if just to save a bit of public money, especially considering the current cutbacks that most states and countries are having to make recently. (If you're in a position where you can ditch software licenses to save jobs then it's definitely a no-brainer)
David R
21
Years of Service
User Offline
Joined: 9th Sep 2003
Location: 3.14
Posted: 7th Feb 2012 19:59 Edited at: 7th Feb 2012 20:00
Quote: "It's easier to find exploits in open source software, obviously"


It may be easiER but it isn't that difficult to find flaws in closed source applications to begin with. Windows for example - hackers rarely find flaws themselves and actually reverse engineer the patches designed to fix them (so if the issue is identified internally, reverse engineering the patch that is eventually released allows determination of what exploit can be used on unpatched machines)

Also I think with modern static analysis, fuzzing and auditing it's not so common to see purely in-code flaws like overruns: often it's the configuration data or the way it's used in combination with some other service that poses a greater risk

09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0
