The range of malicious behaviors that made headlines over the past year proves how close to home cybercrime can hit, and how it can harm an organization and force IT leaders to rethink their security strategies. Security teams have sought to secure their enterprise's software however they can — a need that has brought to light the question of open source vs. closed source: is one of these software development models more secure than the other? Here's a closer look.
High-Profile Hacks
In 2014, an intimidating number of very public hacking incidents put precious personal data at risk. And neither model was safe — as these examples show, an information infrastructure is vulnerable whether it's open or closed:
- Heartbleed: In April 2014, this vulnerability was discovered in OpenSSL, the popular open-source cryptographic software library. Heartbleed affected millions of web servers, giving hackers the potential to view and misuse sensitive, private data — but also prompting a mass effort among users to change their passwords and take appropriate security precautions.
- Microsoft Vulnerability Exploit: In November 2014, the credit card information of over 56 million Home Depot customers in the US and Canada was compromised. Credentials were initially stolen from a third-party vendor, but the cybercrooks then used a Microsoft Windows vulnerability, patched after the breach, to do the rest. Following the news, companies were criticized for not securing sensitive areas of their IT networks.
While these issues are dissimilar in nature, both headlines prove one ominous point: The suddenness and severity of attacks remain a big threat to customers and organizations alike, regardless of software source.
Open Source vs. Closed Source: A Matter of Preference
Open-source platforms give developers the capability to keep up with new and changing requirements and ultimately build more robust end products and services. With safety margins in mind, these solutions are ideal for many innovative firms. Fans of open-source systems believe they experience fewer exploits and their code receives patches more quickly because there are so many developers contributing to an open-source project and ultimately making improvements to the software.
On the other hand, closed-source platform enthusiasts declare that closed models have a head start on safety, claiming that because their code bases are secure, their software is less likely to be exploited. Closed-source issues can be resolved by a core team rather than a herd of external people.
There are, of course, many nuances inherent to each of these arguments, and when it comes down to which development model is most secure, it's really a matter of preference. Deciding which method to use is a job for the leaders and policies of a particular firm working in a particular industry — and it'll only truly be the best method if it's made in an environment that stresses agile security.
In today's third-party, Internet-of-Things world, the only truth is that all software, be it open-source or closed-source, is inherently insecure. With both open-source and closed-source systems, it is impossible to create code that's not vulnerable. It's up to IT leaders to strive for diligence across the board, in order to ensure security testing is integrated into the use of software. It isn't through open- or closed-source development that firms can find total security, but through a combination of rigorous and proactive security measures.