Is Open Source Wide Open? Not So Fast

Tuesday, 26 November 2002, 3:05 PM EST

According to Aberdeen Group, the Computer Emergency Response Team, which is based at Carnegie Mellon University, has determined that various forms of open source software -- including Linux -- have grabbed the title of biggest security Relevant Products/Services from IBM risk, edging out Microsoft.

Apparently, 16 of the 29 security advisories issued by CERT during the first 10 months of this year were for Linux or open source software. Six were issued for Microsoft. Let's ponder this for a moment.

These advisories represent only a small subset of all vulnerabilities -- those that are issued for the most serious problems -- and many of them involve open source software that is not necessarily part of the core Linux OS.

One potential explanation for the increase in the number of open source vulnerabilities is that such products' growing popularity creates a bigger target for attackers.

In fact, this has become a major selling point for Apple Latest News about Apple computers -- and a boast I hear frequently whenever I write about cyber security.

Now that many of the major computer manufacturers have chosen Linux over Windows as the operating system for their servers, I guess it was only natural for them to become targets.

According to Aberdeen, advisories about Trojan horses and viruses affecting Linux and other open source software (including Unix) increased from one in 2001 to two this year, while Microsoft went from six such advisories to none.

[ Read more ]


The big picture of protecting and securing Big Data

Today almost every company is dealing with big data in one way or another – including customer data, tracking data, and behavioral marketing information – connecting every aspect of our lives. While this is a cutting edge use of technology, data monitoring can become dangerous when placed in the wrong hands.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Aug 28th