ZDNet UK is reporting today that "think tank" Alexis de Tocqueville Institution (ADTI) has announced they will be releasing a whitepaper suggesting that open source software such as Linux and the Apache Web Server is inherently less secure than proprietary closed source technology and therefore poses a security risk to governments.
I appreciate hearing counterpoints in any debate, but this one borders on the absurd. I'm interested to hear how this group argues their assertions. I'm even more interested to learn who they get their funding from. I find the close proximity of reports that Microsoft is lobbying the Pentagon to not use open source curious. ADTI has been highly supportive of Microsoft in the recent past.
I find it hard to imagine what empirical data they can possibly back these assertions up with. How is not being able to examine and modify the code NOT an advantage to securing your network? A software application cannot pose a security risk until it is deployed. One would assume (and hope) that the US government's cybersecurity experts review all open source code and perhaps modify it to make it more secure before deploying it. This review is after thousands of eyes that review open source code while it is being developed. This is just the beginning of the argument against ADTI's claims.
Given the many and often boneheaded security holes that are introduced by the biggest commercial software firms, this argument is feeble and can only be supported by FUD that preys on our fears.
I can't wait to hear the response from open source evangelists like Richard Stallman and Bruce Perens on this one.