Issue No.05 - September/October (2001 vol.18)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/52.951496
Most commercial software producers guard access to the source code of their systems, making it difficult for anyone outside their organizations to apply a variety of measures that could potentially improve system security. But since an attacker could also examine public source code to find flaws, would source code access be a net gain or loss for security? The question goes beyond the technical issues involved because publishing source code reveals intellectual property and therefore affects the producer's business model. We consider this question from several perspectives and tentatively conclude that having source code available should on balance work in favor of system security.
Brian Witten, Carl Landwehr, Michael Caloyannides, "Does Open Source Improve System Security?", IEEE Software, vol.18, no. 5, pp. 57-61, September/October 2001, doi:10.1109/52.951496