
Open Source Code No Less Buggy Than Commercial Apps

HardOCP News

This article ought to stir up a little debate. A program launched by the U.S. Department of Homeland Security to tighten open source code security says that open source code is just as buggy as commercial apps.

The 2.6 Linux kernel, for example, came through its automated scan with 913 problems identified. At press time, 452 had been fixed, 48 were verified, and plans were in place to work on the remaining 413. With its 3,639,322 lines of code, Linux's quality is far above average, with just 0.127 defects per thousand lines. Developers of Samba also have been adept at correcting vulnerabilities, Maxwell says.
 
Can you really be surprised? Software is software; open or closed, it's all just as buggy or vulnerable to hackers.
 
The difference is that usually open source software is subjected to more scrutiny than closed software. Why call it "commercial" btw? Open source software can be commercial too.
 
Actually this just sounds like proof that Open Source is often of the same quality as commercial. Which in my view proves just how good a lot of open source apps are if they are at or above the level of their commercial alts.

Some open source evangelists might consider it a knock but I think that is looking at the glass the wrong way. ;)
 
Same level of bugs as commercial software at 0% of the price? Sounds like a good deal to me.
 
Actually this just sounds like proof that Open Source is often of the same quality as commercial. Which in my view proves just how good a lot of open source apps are if they are at or above the level of their commercial alts.

Some open source evangelists might consider it a knock but I think that is looking at the glass the wrong way. ;)

How buggy software is has no correlation with how "good" an app is.
I can write a BASIC app that adds 1+1 = 2. It'll have zero bugs. Does that mean it's a good, commercial app? ;)
 
Open Source software where the license permits modifying or contributing to the application project can be a huge plus for companies which have the know-how to fix it themselves.
 
One of the major differences between closed and open software, is that open software has tons more people looking to fix bugs than exploit them, while closed software has people looking to exploit it rather than fix it.
 
One of the major differences between closed and open software, is that open software has tons more people looking to fix bugs than exploit them, while closed software has people looking to exploit it rather than fix it.
An open door works both ways, friend!
 
That's my point. A closed one keeps out only the friendly people, not the ones trying to cause harm.
But would an open one not allow someone to take for granted any security holes they could find?
Take a trip with me for a moment. Let's pick on Macs for a few, shall we? That'll make Steve happy :D

Suddenly, somehow, Macs take 95% of the userbase in the world. Overnight. BAM!
Since Macs inherently have an astounding amount of open source code in them, wouldn't it be terribly easy for every hacker to turn their attention to that OS and beat the hell out of it?

Let's change Mac with Linux. Then with FreeBSD. Then with OS/2. See my point?

Granted, as userbase grows, certainly so will the people who attribute to the "good" part of things. But, a much juicier target at the same time. And, with the source code out there in the wild for everyone to get their paws on... I don't think it'd be too delightful.
IMO, etc. etc.
 
Open Source stuff gets patched quickly, because thousands of people are looking to fix any potential security problems they find, because they get a kick out of doing so. So while you will see more bug reports for Linux/Mac OS/{Semi - Completely Open Source Software Here}, the security breaches aren't there.

With open source you have both people defending and attacking.

Now MS/Closed is the opposite. You only have people breaking into the "bank" to steal goods, not to stop people from doing so.
 
How buggy software is has no correlation with how "good" an app is.
I can write a BASIC app that adds 1+1 = 2. It'll have zero bugs. Does that mean it's a good, commercial app? ;)

If designed to do its purpose, then yes it's an extremely good commercial application.
 
Now MS/Closed is the opposite. You only have people breaking into the "bank" to steal goods, not to stop people from doing so.

What do you think the MS programmers are paid to do? Oh, right, fix bugs. And unlike open source programmers, they have the motivation of money (really powerful, believe it or not) behind them.

I don't think open source is bad. Saying it produces better products than closed source is a stretch, however.
 
Suddenly, somehow, Macs take 95% of the userbase in the world. Overnight. BAM!
Since Macs inherently have an astounding amount of open source code in them, wouldn't it be terribly easy for every hacker to turn their attention to that OS and beat the hell out of it?

Granted, as userbase grows, certainly so will the people who attribute to the "good" part of things. But, a much juicier target at the same time. And, with the source code out there in the wild for everyone to get their paws on... I don't think it'd be too delightful.
IMO, etc. etc.

The problem with this argument is that it's entirely based on the faulty assumption that the source code in the hands of a "hacker" would be a roadmap to every flaw and hole in the program. Not to insult anyone's intelligence, but such arguments are usually made by people to whom programming is an unknown black magic.

There is a reason why the majority of software testing involves people using the application, and not staring blankly at source code for hours. Using the program is a much, much more effective way at finding holes and problems with the program - which is how "hackers" tend to find holes now.

The "open source is less exploited because it's less popular" argument always falls apart as soon as someone brings up the world's most widely used web serving software, Apache. Having the source code available does not make an application significantly more at risk of having its holes found and exploited. What it does significantly increase, however, is the potential availability of people to fix discovered problems. ("Potential" because just having the code out there does not automatically mean that there's a crew of programmers willing to spend their time pounding on it and fixing it).

Open source is not a magic bullet that leads to better software, nor is it a gaping hole for "hackers" to use to exploit a piece of software. At its best, it leads to great distributed projects that would not be otherwise possible, but in most cases, it's nowhere near as profound as all the open source vs. closed source chatter would indicate.
 
The problem with this argument is that it's entirely based on the faulty assumption that the source code in the hands of a "hacker" would be a roadmap to every flaw and hole in the program. Not to insult anyone's intelligence, but such arguments are usually made by people to whom programming is an unknown black magic.

There is a reason why the majority of software testing involves people using the application, and not staring blankly at source code for hours. Using the program is a much, much more effective way at finding holes and problems with the program - which is how "hackers" tend to find holes now.

The "open source is less exploited because it's less popular" argument always falls apart as soon as someone brings up the world's most widely used web serving software, Apache. Having the source code available does not make an application significantly more at risk of having its holes found and exploited. What it does significantly increase, however, is the potential availability of people to fix discovered problems. ("Potential" because just having the code out there does not automatically mean that there's a crew of programmers willing to spend their time pounding on it and fixing it).

Open source is not a magic bullet that leads to better software, nor is it a gaping hole for "hackers" to use to exploit a piece of software. At its best, it leads to great distributed projects that would not be otherwise possible, but in most cases, it's nowhere near as profound as all the open source vs. closed source chatter would indicate.

Had you been following my entire posting spaz in this thread, you'd realize that I was throwing out an entire possibility, and not anything like reality. It was more of a thought-provoking idea, and meant to stir the pot a little.
I'm all for open source apps and coding. I find it useful in many ways. However, my OS is "closed", as well as are many of the applications that I use day in and day out.
If you simply throw away all arguments and hope the fact that more people viewing code will close more holes, then sadly you're mistaken. Sure, hackers find holes through using apps and such. However, others still do it through viewing source code at least alongside this, if available.
Again, it was merely a logic discussion, more than a real-world application discussion.
And trust me, I've done my share of coding. And well, my share of "uncoding" as well ;).
 
What do you think the MS programmers are paid to do? Oh, right, fix bugs. And unlike open source programmers, they have the motivation of money (really powerful, believe it or not) behind them.

I don't think open source is bad. Saying it produces better products than closed source is a stretch, however.

Unlike the open source programmers at Sun Microsystems, Redhat, Novell, Xen...? :confused:

SUN's newest CPU design is "open source", their latest OS is free (no cost to download, but closed), then the open version of solaris... Open solaris, there is also OpenOffice (Formerly star Office). Redhat with redhat linux, both Fedora and Enterprise. Novell with Suse linux. Xen with... well, xen. To knock the open-source based projects, on the belief that non-paid programmers have no motivation for quality, is to disregard any contributions to the community by any single person, and any contributions by the likes of for-profit companies such as redhat or novell, which being linux, have to release the source code.

As far as money... SUN at 13 billion, and redhat at 280+ million profit... I'd certainly hope any of their employees are compensated reasonably.
 
What do you think the MS programmers are paid to do? Oh, right, fix bugs. And unlike open source programmers, they have the motivation of money (really powerful, believe it or not) behind them.

I don't think open source is bad. Saying it produces better products than closed source is a stretch, however.

And that's why Windows is always flawless on release and never gets bug patches, right? Because their programmers are much better than ones doing Open Source work :rolleyes:

I never said closed source provides worse products, I said there are less people fighting (back) to make it secure by helping to fix bugs.
 
Unlike the open source programmers at Sun Microsystems, Redhat, Novell, Xen...? :confused:

SUN's newest CPU design is "open source", their latest OS is free (no cost to download, but closed), then the open version of solaris... Open solaris, there is also OpenOffice (Formerly star Office). Redhat with redhat linux, both Fedora and Enterprise. Novell with Suse linux. Xen with... well, xen. To knock the open-source based projects, on the belief that non-paid programmers have no motivation for quality, is to disregard any contributions to the community by any single person, and any contributions by the likes of for-profit companies such as redhat or novell, which being linux, have to release the source code.

As far as money... SUN at 13 billion, and redhat at 280+ million profit... I'd certainly hope any of their employees are compensated reasonably.

Note however that we aren't only talking about operating systems here, the supporting apps for the various *NIX operating systems are largely volunteer and hobbyist maintained, (not all of them, but a great many.) Also, many applications are just poor ripoffs of existing commercial software.

For example, Open Office is a huge flaming pile of dung compared to Microsoft Office. There are some tasks for which the open source competitors in a certain area are ill equipped. And others where they are quite excellent.
 
Same level of bugs as commercial software at 0% of the price? Sounds like a good deal to me.

0% eh? Tell that to an IT manager at a large corporation. Try not to be too insulted when he laughs in your face.
 
And that's why Windows is always flawless on release and never gets bug patches, right? Because their programmers are much better than ones doing Open Source work :rolleyes:

I never said closed source provides worse products, I said there are less people fighting (back) to make it secure by helping to fix bugs.

But the thing is, Windows does get bug patches. Quite often, actually. There are people at MS working to patch security holes just like open source developers.

For example, Open Office is a huge flaming pile of dung compared to Microsoft Office. There are some tasks for which the open source competitors in a certain area are ill equipped. And others where they are quite excellent.

Exactly. Open Office sucks (IMO), but Firefox is great, for example.

Office 2007 is really a gem of a program in terms of usability. I wish they made Windows like that.
 
I must be one of the few who prefers Open Office to MSOffice ... and not just for the fact that I can afford a bigger HD TV if I go with Open Office... I didn't try out Office 2007 specifically, but I see no need to move to it from Open Office that I use daily and with great effect...
 
I must be one of the few who prefers Open Office to MSOffice ... and not just for the fact that I can afford a bigger HD TV if I go with Open Office... I didn't try out Office 2007 specifically, but I see no need to move to it from Open Office that I use daily and with great effect...

Try Office 2007. It's a really radical upgrade. If you think Open Office is comparable to Office 2003, you'll think that neither program comes close to Office 2007.

Then again, you may be one of the few who doesn't like the new interface. And even if you like it, it takes a while to get used to and has somewhat limited backwards compatibility.
 
But the thing is, Windows does get bug patches. Quite often, actually. There are people at MS working to patch security holes just like open source developers.

That's my point, both get patches, both have problems, so you can't say that MS's programmers are so much better just because they are paid. In fact wouldn't not fixing bugs until they are a problem mean job security?
 
That's my point, both get patches, both have problems, so you can't say that MS's programmers are so much better just because they are paid. In fact wouldn't not fixing bugs until they are a problem mean job security?

They just write a new one in, while fixing the old one.
 
That's my point, both get patches, both have problems, so you can't say that MS's programmers are so much better just because they are paid. In fact wouldn't not fixing bugs until they are a problem mean job security?

My mistake. I thought you were saying that closed source programs get less bugs fixed than open source. I stand by the title of this topic - they are the same.
 
Since open source and commercial software are both created and written by humans, I'm not surprised that both would have certain errors.
 