This is not the first time I’ve heard about this, but it is the first time I’ve seen it reported on a bigger news site. And with the influx of recent Internet Explorer bugs, it might be a prudent time to show you why open source apps like Mozilla prove themselves to be more secure then commercial “closed source” alternatives.

First I should very briefly explain what “open source” means. The application you are reading this story with. (for example) is called a binary executable. That means that the code that the programmers wrote has been converted from a human readable programming language into a form that the computer understands. That process is called compilation. The human readable and modifiable code that started it all is not supplied with commercial applications. (like Microsoft Office or Windows itself) so you can’t modify it, you can’t fix bugs and you can’t improve it in any other way. With open source software like Mozilla and Linux, you get the human readable source code along with the binary computer files, so you can change, bugfix or improve the program to your hearts content.

Now I can explain what the first paragraph was alluding to. The Mozilla foundation, the guys responsible for Mozilla, Firefox, Thunderbird and many other popular applications is offering money to people that find bugs in their source code. At the moment, they are offering 500 dollars (USD) to anyone that can find security vulnerabilities in Mozilla code. So the programmers can fix anything found before it becomes an issue.

Can anybody think of a way to improve security that is better then encouraging the entire worlds programming community to review Mozilla code in the effort to find problems to fix, and enticing them to do it with offers of money? I certainly can’t. Now lets take Mozilla’s main competition. The source code for Internet Explorer is not seen outside Microsoft and those few entities that Microsoft really trusts. That means that the number of eyes looking for holes in the source code are limited to a finite and relatively small number of people. (where as the number of people looking for holes in the IE executables is absolutely huge and results in many of the virus’s you see doing the rounds.)

Now lets look at the security problems that each have had and compare them. It’s not hard to see why Mozilla ends up winning. The simple fact of the matter is that the more programmers reading the code, the more chance there is that somebody will either find a bug, or think of a better way to do something.

I know in the past that Mozilla also offered money to programmers to perform specific tasks for them, they had something akin to an auction site where they would list things that needed doing, and the money on offer to a programmer for doing it. From what I saw, it looks to have been a great success.

All that and you guys get the end products for free. Who said there was no free lunch any more?

Regards

Franki

This article was posted on Wednesday, August 4th, 2004 at 1:53 am