Is Open Source Wide Open? Not So Fast

Tuesday, 26 November 2002, 3:05 PM EST

According to Aberdeen Group, the Computer Emergency Response Team, which is based at Carnegie Mellon University, has determined that various forms of open source software -- including Linux -- have grabbed the title of biggest security Relevant Products/Services from IBM risk, edging out Microsoft.

Apparently, 16 of the 29 security advisories issued by CERT during the first 10 months of this year were for Linux or open source software. Six were issued for Microsoft. Let's ponder this for a moment.

These advisories represent only a small subset of all vulnerabilities -- those that are issued for the most serious problems -- and many of them involve open source software that is not necessarily part of the core Linux OS.

One potential explanation for the increase in the number of open source vulnerabilities is that such products' growing popularity creates a bigger target for attackers.

In fact, this has become a major selling point for Apple Latest News about Apple computers -- and a boast I hear frequently whenever I write about cyber security.

Now that many of the major computer manufacturers have chosen Linux over Windows as the operating system for their servers, I guess it was only natural for them to become targets.

According to Aberdeen, advisories about Trojan horses and viruses affecting Linux and other open source software (including Unix) increased from one in 2001 to two this year, while Microsoft went from six such advisories to none.

[ Read more ]


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th