Saturday, October 10, 2015

Cyber Security Month: Safe use of open source software – WINMAG Pro

Open source software and operating systems have many advantages. They are often free and also often highly adaptable to personal taste and preference. But is open source really safe? And what options does open source offer you in the field of security?

Open source software and operating systems such as Linux are increasingly being used, even in business. The most attractive aspect is that most of this software is free and can thus save a lot of money. Open source means that all programming code is public and anyone can help develop the product. A nice feature, but the question is how safe this software really is.

A 2008 report from Fortify Software shows, for example, that open source is not secure; anything but, in fact. It often happens that the creators of the software do not respond, or respond too late, to questions and comments about security. For the study, Fortify Software tested eleven software packages and the makers' responses to security problems over a period of three months. In that time, 22,826 cross-site scripting issues and 15,612 SQL injection issues were found. Fortify then tried to reach the respective communities that jointly create and maintain the software. This was mostly through a contact page or website; a telephone number was not available. In two thirds of cases, there was no response at all.



Commercial vs. open source

But that was in 2008. We are now seven years further on, and much has changed in that time. In July of this year the Coverity Scan Open Source Report appeared, in which the security of both commercial and open source products in 2014 was compared. Last year almost 152 thousand defects were remedied, which is more than the total found between 2006 and 2013. A considerable increase. But the report also shows that the defect density, the number of defects per thousand lines of code, has improved. For open source products, this number has gone from 0.66 to 0.61. Fewer and fewer problems are thus found in the code. In comparison, the defect density of commercial code stood at 0.77 in 2013 and 0.76 last year. Open source software therefore has fewer defects in its code than commercial software.

If we look at the security of this software, we also see an improvement. In 2014, the open source operating system Linux used the Coverity Scan service to find and repair more than five hundred dangerous defects. These included, among others, resource leaks, memory corruptions and uninitialized variables. This sounds serious, but the fact that they are found is positive. After all, if all goes well, the problems are then resolved. Where the problem lies, and where it already lay in 2008, is in how quickly the defects are resolved. According to the report it is still the case that commercial software solves its problems faster than open source projects do. But the research also shows that reliability and security have improved in both types of software. So we are moving forward.



Varying

How secure open source software is depends on the software. One product is simply maintained better than another. How well it is maintained depends on how the software is used and what community is behind it. If the software is used by many companies or individuals, the pressure to maintain the product well is greater. The software is maintained by a group of people who often do this voluntarily, and the only question is how often and how well they do it.



GitHub

Much open source software can be found on GitHub, a website where software repositories are shared. Here you can search for software and inspect the code, including data logs. Conveniently, all kinds of information about the software are easily available, including how often the software is updated (commits) and how many problems (issues) there are.

If you click on Commits, you see how often code is added or changed, but also when this was last done. If there are few commits, or the latest one is, for example, two years old, then you know that the software is probably not properly maintained and thus less secure than well-maintained software.

On the right you will see how many issues there are. By clicking here you get a list of the issues and the responses to them. If there are many issues and little or no response, chances are that nothing is being done with them. The issues that you see are the ones that are still open and therefore not resolved. You can also see how many issues have already been closed. In the list you will also see what kind of problems they are: a category is shown next to every problem. For example, an issue may be a question, an improvement to the program or a bug. Improvements are, of course, always good, but not necessary for security. The important thing to look at is the bugs, because those are real problems. In this window you can also raise new problems yourself by clicking New issue.
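The checks described above, as an added example that is not part of the original article: it evaluates constructed commit dates and issue records for a hypothetical repository. The field names and label names are assumptions, and the two-year threshold is taken from the article's own example.

```python
from datetime import date

# Threshold taken from the article's example: a latest commit two years old.
STALE_AFTER_DAYS = 2 * 365

# Constructed sample data for a hypothetical repository (not real GitHub output).
COMMIT_DATES = [date(2013, 9, 2), date(2013, 9, 20), date(2013, 10, 1)]
ISSUES = [
    {"title": "Crash on empty input", "state": "open", "labels": ["bug"], "comments": 0},
    {"title": "Login page error", "state": "open", "labels": ["bug"], "comments": 0},
    {"title": "How do I configure this?", "state": "open", "labels": ["question"], "comments": 2},
    {"title": "Add dark theme", "state": "open", "labels": ["enhancement"], "comments": 1},
    {"title": "Typo in README", "state": "closed", "labels": ["bug"], "comments": 1},
]


def maintenance_report(commit_dates, issues, today):
    """Summarise the signals the article reads off a repository page."""
    warnings = []
    if commit_dates:
        days_since = (today - max(commit_dates)).days
        if days_since >= STALE_AFTER_DAYS:
            warnings.append("latest commit is two or more years old")
    else:
        days_since = None
        warnings.append("repository has no commits")

    open_issues = [i for i in issues if i["state"] == "open"]
    # Questions and improvements are filtered out: the article singles out bugs.
    open_bugs = [i for i in open_issues if "bug" in i["labels"]]
    unanswered = [i for i in open_bugs if i["comments"] == 0]
    if open_bugs and len(unanswered) == len(open_bugs):
        warnings.append("no open bug has received a response")

    return {
        "days_since_last_commit": days_since,
        "open_issues": len(open_issues),
        "closed_issues": len(issues) - len(open_issues),
        "open_bugs": len(open_bugs),
        "unanswered_open_bugs": len(unanswered),
        "warnings": warnings,
    }


if __name__ == "__main__":
    # The article's publication date serves as "today" for the sample data.
    for key, value in maintenance_report(COMMIT_DATES, ISSUES, date(2015, 10, 10)).items():
        print(f"{key}: {value}")
```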



Security Software

In the world of open source software, there are many programs to protect your computer. Here too, as with other software, it matters whether the product itself is maintained. It is therefore advisable to apply the information above to these products as well. Still, there are some good open source options for the security of your devices.

AES Crypt

Do you want to encrypt files without immediately encrypting an entire disk? Then AES Crypt is a good option. The software lets you easily encrypt any file with AES encryption, the most secure way to encrypt your data. It is also pleasing that the program can be used on Linux, Windows and Mac, and is absolutely free.

AES Crypt can be downloaded here.

PasswordMaker

PasswordMaker is a tool that can be used, among other things, as an extension, but basically works with any browser. The tool creates unique passwords for you that you can retrieve easily. You log in with a master password, and then you have access to your other passwords so you can log on to a website.

PasswordMaker is available for download.

Open Source Tripwire

Tripwire is a solution for detecting intruders in your system. You never have to wonder whether someone has broken in or not; you simply get a message when this happens. Open Source Tripwire is a derivative of the original commercial Tripwire and is developed by the same company. The big difference is that this version is free to use.

Open Source Tripwire can be downloaded here.
