Open Source Security: Still a Myth
Subject:   Does the author really know about open source software?
Date:   2004-09-21 04:37:42
From:   lozano
The author says:

In the meantime, plenty of commercial and governmental organizations are still concerned that open source software is usually less secure than proprietary software. They are worried that open source developers are too much "hacker" and too little "engineer," cobbling together solutions without going through a structured software engineering process (such as requirements, specification, and analysis).

My experience with commercial software development, in-house development, and contributing to open-source projects is the opposite of this. Open Source projects tend to have a more formal and complete software engineering process than most commercial projects.

They need to have one, because if not they cannot manage a large and dispersed developer community. But closed, proprietary software projects may not have one, simply because you'll never know if they really do what they say.

Most software houses I've worked for don't even have basic things like version control and configuration management in place. Having the feature in the "enterprise IDE" they bought is not the same as using it. Most of them use CASE tools to reverse engineer the code (after it is "done") so the customer gets the fine UML documentation for the system, which is very different from doing requirements, specification, and analysis.

Saying that open source projects in general are too much "hacker" is just echoing FUD. That's not the way most well known (and not so well known) FSOSS projects are actually done.

So, if you compare "commercial" software versus FSOSS (which is already a mistake; the distinction should be proprietary vs. FOSS, as there is lots of commercial open source software) from a software engineering process and quality control standpoint, most of the time FSOSS proves stronger.

It's funny that when I do consulting for companies willing to adopt FSOSS development tools, I spend more of the time teaching sound software engineering practices (like formal unit testing) than talking about FSOSS philosophy or the tools per se.

The author also seems to ignore the level to which "commercial" software packages today depend on FSOSS software, like IBM and Oracle app servers using Apache or Java IS using jakarta-commons. They wouldn't do this if it were not properly engineered.


  • Does the author really know about open source software?
    2005-01-18 20:56:44  musnat

    It seems to me that you are not aware of open source at all. Today all it takes to be an open source developer is to open a software project at sourceforge. When people say open source software or open source community, they talk about these people.

    Second, you also clearly have no idea how Linux is implemented. There were no software engineering practices used at any time. Denying this only makes you an unreliable open source zealot.

    Apache is part of open source, but Apache is not open source and open source is not Apache. When you talk about open source, giving Apache as an example is a pretty stupid thing to do, because Apache is being supported by IBM and many other companies.