Friday, January 20, 2006

US pays to make open source safer

The U.S. Department of Homeland Security has recently pledged one million dollars (read in a Dr. Evil voice) to fix security bugs in open source projects like Linux, Apache and Mozilla. Stanford University and Symantec are going to do the work. On the one hand, I think that is a nice (but token) gesture of support for open source as a national (dare I say planetary?) asset. On the other hand, from a security standpoint, I would say that open source already has a distinct advantage over proprietary software because there are more people looking at the code and its flaws ("Given enough eyeballs, all bugs are shallow"). For example, I would not vote on an electronic voting system whose source code was not exposed to public scrutiny. So why single open source software out? I wonder what the government can do to make proprietary software more reliable and secure because, if you look at the security alerts, that is where the majority of problems seem to be. Then again, I am not sure that I want the government to have any influence over code that I cannot see, in light of the recent trends regarding privacy.