Linux guru warns on security of open-source

Alan Cox, one of the most respected figures in the UK open-source community, has warned about complacency over the security of open-source projects.

Speaking to delegates at London's LinuxWorld conference on Wednesday, he emphasised that considerable sums of money were being spent in attempting to hack into open-source systems.

And he cautioned that many open-source projects were far from secure.

"There is a lot of money going into security, but the situation is worse, because there is a lot of money going into breaking security. People are being paid to work breaking down software systems," Cox, who is employed by Linux seller Red Hat, told delegates.

"Things appear in the media, like 'open-source software is more secure, more reliable and there are less bugs.' Those are very dangerous statements," Cox said.

Cox said that such analysis looks only at well-known projects. An analysis of 150 projects from SourceForge, a repository for open-source code, would not result in the same high marks that the Linux kernel would get, he noted. "High-quality only applies to some projects -- those with good code review and those with good authors," Cox said.

"The debate of Microsoft saying 'Look how secure we are' versus Linux saying 'We're more secure' is not looking at the important points," he added.

Cox, who has been closely involved with the development of the Linux kernel for many years, also took the opportunity to take a swing at a newly launched project that promises to measure the quality of open-source code.

The Software Quality Observatory for Open Source Software (SQO-OSS), funded by the European Commission, was launched on Monday. Cox told delegates that metrics must not become targets.

"It is good to build metrics, and SQO-OSS has great potential," he said. "But there are problems with this, and there are risks associated with that kind of methodology.

"If you are working with metrics and you have 14 bugs, you fix the 13 easy ones, and the one hard one can wait. That happens in the security world, but it becomes inefficient."

Richard Thurston reported for ZDNet UK in London.
