Busy — Sun, 03 Sep 2006 10:23:48 +0000

There are a lot of sites around that do list security bugs/issues with opensource programs (after the contact the owner/developer), do a search for xxxx bugs (xxxx being the program name) or xxxx security

Blue — Sat, 02 Sep 2006 22:33:13 +0000

Very helpful responses, thankyou. The general consensus seems to be that the individual software package is more important than whether it's free. So the next question is how does one evaluate a program. Are there any sites that monitor or evaluate the relative security of different software?

Blue

Shirthead — Sat, 02 Sep 2006 11:23:38 +0000

True - I did correct it later in the post though.

Abhishek Reddy — Sat, 02 Sep 2006 11:17:42 +0000

Shirthead wrote: paid software than opensource.

This is an invalid distinction, please refer to my first post in this thread.

Shirthead — Sat, 02 Sep 2006 10:52:31 +0000

In my personal experience I've had more security issues with paid software than opensource. How representative that is I don't know, but I certainly would not be put off something because it is open source and because that could mean more security issues - that logic is just flawed (and usually used by people getting commission off paid solutions!).

However a piece of software is produced I would look at it on it's own merits before using it. Whether it was open or closed source would not factor in to the question about security other than so far as as if a hole is discovered in an OS solution you can always close it yourself.

Abhishek Reddy — Sat, 02 Sep 2006 06:38:57 +0000

photoshop250 wrote: I think that non free software is less secure......look at windows. I think this is because the companies that create such programs are more worried about the bottom line and if they have to take a few short cuts then so be it. Free and open source software on the other hand is created by people for the fun and passion of doing it and they will try their best to make it secure within their abilities

I partially agree with that. I would restate it as: when free software is more secure, it is often because of ..., rather than free software is always more secure because of ....

Solaris/SunOS is possibly a good example of non-free software being more secure (than some variants of GNU, out of the box).

It's difficult to generalise.

photoshop250 — Sat, 02 Sep 2006 04:46:10 +0000

I think that non free software is less secure......look at windows. I think this is because the companies that create such programs are more worried about the bottom line and if they have to take a few short cuts then so be it. Free and open source software on the other hand is created by people for the fun and passion of doing it and they will try their best to make it secure within their abilities

demonhale — Sat, 02 Sep 2006 03:50:34 +0000

Good thing about OS software is that updates and security patches are more frequently released, thus newer holes and bugs get fixed quickly until its rock solid. The success of OS software are the team and support behind it... So Its also surmise to say that OS software can sometimes be more Secure...

Todmeister — Sat, 02 Sep 2006 02:17:49 +0000

SugarCRM & oscommerce.com, PHP is only as good as the community surrounding it!

A good community will have hundreds if not thousands of coders working & contributing to
the open source software for patches & customizations, as where off the shelf dictates when
& where security patchs come out & customizations are out of the question!

Abhishek Reddy — Fri, 01 Sep 2006 14:18:19 +0000

Blue wrote: which is more secure - open source or commercial.?

There is no such distinction. Lots of free, libre and open source software is commercial, and vice versa. You could pay for free software, or you could receive non-free software at no monetary cost. Free software is about freedom, not price.

If you're asking about the security of free vs non-free software, then consider the success of Apache, Firefox, OpenSSH, GnuPG, and BSD compared with IE, IIS, Windows, etc. There is no reason to think that non-free software is inherently more secure.

Indeed, some people think that an open development model is more conducive of secure software, because any number of people can review code and fix bugs. Secure design, development and usage practices are customary in the free software world anyway, so the architecture of systems tends to be robust and easy to harden.

Of course, this isn't always the case. Some non-free software is implemented well, just as some free software is implemented poorly. The point is that generalisations like the one your programmer made are useless. Regardless what software you choose, you should audit them before having confidence in their security.