Although open-source software development has virtues, there is reason to believe that the approach would not have a significant effect on the security of today’s systems. The lion’s share of vulnerabilities caused by software bugs is easily dealt with by means other than source code inspections. And the tenets of open-source development are inhospitable to business models whose success depends on promoting secure systems.

Feature Enhancement Dominates. A principal tenet of open-source development is that source code be available for review and modification. For systems having a large developer base (infrastructure software might, specialized applications won’t), this means that many are inspecting and improving the code. But one must be careful to distinguish between what is possible and what is probable. There is no reason to believe that the many eyes inspecting (open) source code would be successful in identifying bugs that allow system security to be compromised. In fact,...
Fred B. Schneider