Security in Open Source Software, Joe Wilcox


1 Security in Open Source Software Joe Wilcox

2 What is Open Source?
- Source code is published
- Created via collaboration of developers
- Many different kinds of open source projects
- Over 1 million open source projects
- Some of the biggest names in technology are using an open source development model

3 Open Source Software Myths
- “If the source code is available to the public, doesn’t that make that piece of code less secure?”
- “If the source code is available to the public, doesn’t that make the piece of code more secure because more people are able to look at it?”
- “If anyone can contribute, doesn’t that mean that incompetent developers can create security flaws?”

4 “…doesn’t that make that piece of code less secure?”
- Open Source Software is written so that it is secure even though it is published
- Security is derived not from the secrecy of the source code but from the functionality of the source code
- Studies show that open source software has, on average, no more and no fewer vulnerabilities than privately created software
- Each type of software has its pros and its cons

5 “…doesn’t that make the piece of code more secure because more people are able to look at it?”
- More eyes on the source code help, if they are competent eyes
- Much open source software is simply published, and users use it without knowing whether experts have looked at it
- The best open source software is open so that academics and experts can test and evaluate the software

6 “If anyone can contribute, doesn’t that mean that incompetent developers can create security flaws?”
- Software developers want to have their names on legitimate software to maintain credibility as a developer
- Oftentimes, not just anyone can contribute; it’s more of an organized chaos
- High-end open source software developers must go through a review process before being able to contribute code
- Sometimes there are flaws in Open Source software, but there are just as many flaws in private software

7 Overall, the major difference between security in Open Source and private software
- Software inherently has bugs when it is created. When one vulnerability is patched, another one opens; it’s an endless dance
- When a bug is reported, Open Source software is often fixed right away, and the patch will be out within hours or days
- Privately created software often has just as many problems as open source, but the patches for those problems can be slow and expensive, or not done at all
- The profit line is always kept in mind

