Open-source software, where software code is open to inspection by anyone, is inherently more secure than proprietary software developed by companies like Microsoft.
That’s the view of Nathaniel Borenstein, chief scientist at e-mail specialist Mimecast and a former distinguished engineer for IBM Lotus Division. Borenstein, who is in SA to speak at an information security seminar, says the “antidote” to security headaches is “openness”.
Referring to recent high-profile security breaches, such as the one involving the theft of personal details and credit card information from the Sony PlayStation Network, Borenstein says “these things wouldn’t happen nearly as often if these companies found a way to open their code to inspection”.
Open-source software involves the collaborative development of software, where source code is freely available for inspection and modification by anyone.
“The safest encryption involves people being able to read the code and see that it’s good,” he says. “When the code is there, you know a lot of smart people have had a chance to look at it.”
Borenstein says code that is reviewed by thousands or even millions of developers will be more secure than applications that have been written by companies employing far fewer developers. “Who knows what is going on inside [Microsoft] Windows?” he asks. “I don’t care how great Microsoft’s people are, the fact is more eyeballs [looking at the code] will make it safer.”
Information security, he says, comes from greater inspection of software code.
He admits it’s unlikely companies like Microsoft will ever release their code under open-source licences, but says there is precedent for large companies sharing code with others, pointing to IBM as an example of a company that enthusiastically embraced Linux, an open-source operating system.
“IBM made this bold decision to embrace Linux,” he says. “Linux is now by far the dominant operating system on its hardware and it makes tons of money from the platform. It hasn’t hurt its profits one bit. Its key competence was not in operating systems but in hardware and services provision and deployment.”
Borenstein says Microsoft ought to consider opening the “underlying level of Windows” to more inspection, to ensure its source code is more secure. “Privacy often leads to really poor systems.” — Duncan McLeod, TechCentral