Alan Cox: Open Source not inherently safer or better
Alan Cox, one of the original giants of the Linux world, used a speech at London LinuxWorld to warn against the presumption that open source projects are inherently safer and less buggy than closed source ones. "Things appear in the media like open source software is more secure, more reliable and there are less bugs," Cox declared, according to a report by the British branch of ZDNet. That analysis only applies to large, well-known projects, he continued. In reality, most open source projects are anything but secure. An analysis of 150 SourceForge projects is unlikely to produce the same good results as an analysis of something like the Linux kernel. "High quality only applies to some projects — those with good code review and those with good authors," Cox stated in his speech. Cox is currently employed by Red Hat as a kernel developer.
The constant bickering over whether Microsoft or Linux is the safer product unfortunately ignores important points, Cox feels. Both sides have by now invested in security, including significant sums raised to pay hackers to break into open source systems, he notes.
Cox's speech also took a dig at the "Software Quality Observatory for Open Source Software" (SQO-OSS) project initiated by the EU Commission, which is intended to measure the quality of open source code. The idea of carrying out such evaluations isn't a bad one, Cox says, but the methodology is problematic: if a product has 14 errors and you close the 13 non-critical ones right away but leave the critical one open, then the procedure is not effective, Cox stated.