Abstract
Is open source software more secure? What aspects of open source development make security easier or harder? This presentation will address the myths and realities of secure open source development, drawing on the writings of recognized security experts and the presenter's own experience with the open source Mozilla project. The first part of the presentation explains the purported advantages of the open source model for security: widespread peer review, open protocols, and independent auditing. The second part discusses common objections to secure open source software, such as the problem of making implementation details and weaknesses available to potential attackers. Many arguments against the security of open source are based on misconceptions, though the method does have its pitfalls and limitations. This presentation will attempt to separate fact from hype. The final section will be an overview of the Mozilla group's efforts to increase the security of its Web browser, utilizing the efforts of open source contributors and testers, and the pitfalls encountered along the way.