• E-mail this page
• |  Print this page
• | 
• | 
• | 

Don't Be Half-Safe -- Be All Unsafe!

There's little that's more frustrating than someone who only seems to get half the picture. Consider this article at TechRadar, "Open source doesn't make software safer." The underlying premise is one I've hammered on myself, but the way this article talks about it amounts to strawman snark.

For one, the piece isn't written from the POV that open source is a worthwhile way to develop software. That's bad enough by itself; the wording is such that you'd think open source developers thought the open source process was some kind of magical fairy dust. Just add open, and poof! Bug-free bliss!

There are people who believe this fatuitous nonsense, sure, but for the most part they aren't people involved in the messy and difficult business of actually developing software.

Bad enough, but then I got to this sentence:

The dichotomy is not between open source and closed source. It's between liked software and hated software. People target Microsoft because it has large market share and because it represents The Man.

No, no, no. People target Microsoft because it has large market share, and because by doing so they can get access to people's finances and private data, because of said large market share. Snide digs at "The Man" have nothing to do with it, and attributing this kind of behavior even in part to a loathing of Microsoft is trash journalism at its worst.

Maybe it sounds like I'm replacing one thought-cliche with another. But the quote attributed to Willie Sutton put it best when he was asked why he robbed banks: that's where the money is. Serious hacking is a criminal enterprise, and if you're going to steal, you steal big. One zero-day Windows exploit that gives you access to bank accounts can still net you a ton of money even if a patch is issued later that same day.

Back to the central argument, which again, has a valid underlying point. Open source does not automatically make anything safer. Open source just makes it that much less difficult to conduct the kind of security auditing that software absolutely requires in today's world. But it doesn't make security auditing happen.

It's equally wrong to assume that Microsoft has nothing to learn from the open source crowd, because the lessons there go beyond just publishing code. They're about having the freedom to share what you know, good news or bad, and learn from both other people's mistakes and achievements as well as your own. It's also disingenuous as all get-out to suggest Microsoft has nothing to learn from this when it already is, has been, and continues to be (albeit within the current limits of what it can do as a proprietary platform provider).

What I resent most in this piece is how a perfectly legitimate criticism -- one I've made myself -- is used as a bludgeon to make all open source developers look like moon-eyed romantics or delusional kooks. I know there are folks in the FOSS community who aren't great at cultivating good press, but I have a hard time blaming something this flagrantly wrong on any of them.

Want to hear more about security and cloud computing? Internet Evolution is hosting a Webcast on this topic on March 5. Find out more. (registration required).

Follow me and the rest of InformationWeek on Twitter.

« Satyam Woes Threaten SanDisk | Main | Fear Of Obama IT Protectionism Policy Spreads In India »