Does open source improve system security?

被引：28

作者：

Witten, B

Landwehr, C

Caloyannides, M

机构：

[1] DARPA, ATOO, Arlington, VA 22203 USA

[2] Mitretek Syst, Mclean, VA 22102 USA

来源：

IEEE SOFTWARE | 2001年 / 18卷 / 05期

关键词：

Algorithms - Computer system firewalls - Computer system recovery - Cryptography - Internet - [!text type='Java']Java[!/text] programming language - Portals - Program compilers - Security of data - UNIX;

D O I：

10.1109/52.951496

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

By guarding their source code, most soft-ware producers make it hard for an outsider to help improve system security. But because attackers can also examine public source code to find flaws, is source code access a net gain or loss for security? The question goes beyond technical issues: publishing source code reveals intellectual property and therefore affects the producer's business model. This article considers this question from several perspectives and tentatively concludes that making source code available should, on balance, work in favor of system security.

引用

页码：57 / +

页数：6

共 17 条

[1]

ANDERSON RJ, 1999, P 15 ANN COMP SEC AP

[2]

*COMP SCI TEL BOAR, 1999, TRUST CYB, P185

[3]

Cowan C, 1998, PROCEEDINGS OF THE SEVENTH USENIX SECURITY SYMPOSIUM, P63

[4] Building diverse computer systems [J].

Forrest, S ;

Somayaji, A ;

Ackley, DH .

SIXTH WORKSHOP ON HOT TOPICS IN OPERATING SYSTEMS, PROCEEDINGS, 1997, :67-72

[5] Denial-of-service attacks rip the Internet [J].

Garber, L .

COMPUTER, 2000, 33 (04) :12-17

[6] A quantitative model of the security intrusion process based on attacker behavior [J].

Jonsson, E ;

Olovsson, T .

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 1997, 23 (04) :235-245

[7]

KERKHOFFS A, 1983, J SCI MILIATIRES, V9, P5

[8]

Lear AC, 2000, COMPUTER, V33, P22

[9]

Littlewood B., 1993, Journal of Computer Security, V2, P211

[10]

MILLER BP, 1995, FUZZ REVISITED REEAX

← 1 2 →