Security's Future Belongs To Open Source

Steven J. Vaughan-Nichols | ZDNet | May 20, 2014

It's really not a debate question, it's just the way it is. The world runs on Linux and open-source software.

The public was with me in my argument that Heartbleed didn't prove the open-source development model was insecure, but the judge ruled against me. Eh, I'm not hurt. More than readers agree with me, almost all of technology agrees with me.

You see, while Heartbleed was open source's worst security hour, it was an exceptional case. Outside of Apple and Microsoft, everyone, and I mean pretty much everyone, has already decided that open source is how they'll develop and secure their software. Google, Facebook, Yahoo, Wikipedia, Twitter, Amazon, you know, all of Alexa's top ten Websites in the world, rely on open-source software every day of the year.

They do it because Eric S. Raymond was right when he wrote in the essay that got open source started, "The Cathedral and the Bazaar," that "Given enough eyeballs, all bugs are shallow." The problem with Heartbleed was that no one—no, not even the NSA—looked at the code. The failure wasn't with the open-source method, it was that no one bothered to apply it to OpenSSL...