The Aberdeen Group is stirring it up, as consultancies will, by highlighting security problems with open source software. It claims: "Open source software is now the major source of elevated security vulnerabilities for IT buyers. Security advisories from Cert for the first 10 months of 2002 show that open source and Linux software accounted for more than half of all advisories. The poster child for security glitches is no longer Microsoft; this label now belongs to open source and Linux software suppliers." Internet Week has reported the story.
It is, of course, hard to believe, but there are reasons to be concerned. In particular, one thing we know from research is that the more people use a program, the more bugs they find. Get 500 million people to pound away at something for umpteen hours a day and they will uncover a lot more bugs than 5 million people. Maybe Linux is less buggy than Windows 2000/XP, but at this point, there is no way to know for sure: it has never been subjected to anything like the same kind of stress testing. If Linux were to sustain the same level of attack as Windows today, there is no guarantee it would survive. The hope is that, by the time its user base grows to the same level (assuming it does), most of the bugs, holes and security glitches will already have been found.