Is Open Source Wide Open? Not So Fast
According to Aberdeen Group, the Computer Emergency Response Team, which is based at Carnegie Mellon University, has determined that various forms of open source software -- including Linux -- have grabbed the title of biggest security Relevant Products/Services from IBM risk, edging out Microsoft.
Apparently, 16 of the 29 security advisories issued by CERT during the first 10 months of this year were for Linux or open source software. Six were issued for Microsoft. Let's ponder this for a moment.
These advisories represent only a small subset of all vulnerabilities -- those that are issued for the most serious problems -- and many of them involve open source software that is not necessarily part of the core Linux OS.
One potential explanation for the increase in the number of open source vulnerabilities is that such products' growing popularity creates a bigger target for attackers.
In fact, this has become a major selling point for Apple Latest News about Apple computers -- and a boast I hear frequently whenever I write about cyber security.
Now that many of the major computer manufacturers have chosen Linux over Windows as the operating system for their servers, I guess it was only natural for them to become targets.
According to Aberdeen, advisories about Trojan horses and viruses affecting Linux and other open source software (including Unix) increased from one in 2001 to two this year, while Microsoft went from six such advisories to none.
[ Read more ]