[vox] Open Source and Security

Bill Kendrick vox@lists.lugod.org
Mon, 1 Mar 2004 12:27:40 -0800


On Mon, Mar 01, 2004 at 12:10:39PM -0800, Byron Roberts wrote:
>  I feel like I'm totally missing something here....I thought that
> one of the big advantages of OSS was increased security, precisely
> because the code is accessible and able to be modified?  Or as a
> newbie is there some piece of information that I'm lacking?

Can't type much... only home for a bit, and bandwidth here is being drained by
a certain other person in the household, so it's a little hard to type into
SSH.

Anyway, while they may have a point when it comes to "not wanting to
touch someone else's old code" and so forth, that's really only ONE
opinion on the matter.  While one person may not want to mess with old
code, there'll most likely be someone ELSE somewhere in the world
who would be happy to.  Especially when compensation (e.g., money) is
involved.

In this case, though, the advantage Open Source has over closed source
is that there's no barrier -- technical (e.g., lack of access to source code)
or legal (e.g., copyrights and patents) -- to getting things done.
(Changed, updated, bugfixed, etc.)

With closed-source, the barrier is immediate.  Example:

  "Hey Fred, OpenOffice.org seems to have a problem doing such-n-such"

     "Well I can try to fix it.  [pay me / I'm happy to help for free / etc.]"


Versus:

  "Hey Fred, Microsoft Office seems to have a problem doing such-n-such"

     "That sucks.  I hope they fix it and provide an update some day..."


In the first case, we assume Fred is interested in helping, either for
compensation or not.  In the second case, it doesn't matter.  Nothing
you or Fred can do about it (except wait and hope).

If Fred was NOT interested, or lacked the technical skill or time,
even if you offered compensation, you're not stuck.  Just find
a suitable replacement for Fred.


Hoping this makes sense and kinda clears it up for you.

I'd be interested in seeing any other responses to the original CVBIG post.

-bill!