
Cryptocat vulnerability excuse sparks debate over open source

Antone Gonsalves | July 10, 2013
Is proprietary software inherently more secure? Or is it the other way around? Security experts weigh in.

A major difference between proprietary and open-source software is that the latter's source code is available to everyone, including hackers. While that means less skill is needed to find vulnerabilities, there is no shortage of experienced developers who can do the binary reverse engineering needed to find as many flaws in proprietary applications, Royal said.

"The primary difference will be in the level of skill at which a person can reverse engineer to discover that vulnerability," he said.

Commercial vendors will place protective layers over their code to prevent the theft of their intellectual property, Royal said. But that has not stopped hackers from exploiting a steady stream of vulnerabilities in Microsoft Windows and Adobe Flash, examples of popular applications often targeted by cybercriminals.

Therefore, the ubiquity of the software is what dictates the risk, Royal said. The more popular it is among consumers and businesses, the more likely criminals will look for flaws and develop malware to exploit them.

"In general, software used by many people is going to be targeted," he said.

While that may be true, a hacker is still likely to find open source software easier to crack, said Murray. "I never recommend anyone use open source software for critical applications unless you are going to maintain it yourself and, of course, inspect it and keep it safe," he said.

 
