Mitnick on OSS Security

By Justin Mann on January 30, 2006, 10:50 AM
What does an ex-phone hacker turned security analyst think about open source projects, and how do they compare to proprietary and closed source solutions? In an interview with Tectonic, Kevin Mitnick answered numerous questions about his stance on OSS. His answers may surprise some, and a few of them are rather ambiguous.

“On the face of it, open source software is more secure,” says Mitnick. “A lot of eyes are looking at the code. You'd think that with OSS, with more people looking at the code, you're more apt at finding security holes. But are enough people really interested?”
Though I don't think it's quite an issue of “are people interested” as compared to the average turnaround time for fixes, he raises a good point. The article is only a page long, but worth a read.




User Comments: 6

MonkeyMan said:
Well, he does have a point. Although open source is more secure, there is always a chance of someone hacking into the system. On the bright side, being "More secure" is much better than being less secure.
PanicX said:
[quote]He served five years in prison, including eight months in solitary confinement after it was alleged that he could launch nuclear missiles by whistling into a telephone[/quote] That ain't just whistlin' dixie! Or is it?
Cartz said:
Also depends on the software, and the reviewer... If a reviewer sees a hole that no one else has noticed, and says nothing, he is free to exploit a hole he may have never known about if it weren't for open source software.
Skip said:
Mitnick is an interesting character. I will be interested in reading his autobiography. Just hope it's not picked up by Oprah. ;-) Because I doubt he could ever present an unbiased view of the events of his activities (nor would I expect him to), and then I would have to see all of the shock (shock I say) when it comes out that he may not have fact checked everything, or chosen to portray himself in a better light. Sorry about the mini-rant, but I get mad when people who know better confuse journalism and an autobiography. Regards, Chris
nathanskywalker said:
[quote]“On the face of it, open source software is more secure,” says Mitnick. “A lot of eyes are looking at the code. You'd think that with OSS, with more people looking at the code, you're more apt at finding security holes. But are enough people really interested?”[/quote] I think I see what he is saying. Even if enough people were willing to take the time to examine an operating system for errors, no one will spend as much time and effort as a desperate hacker. Or at least, not many people. A hacker knows where to look and open source: [quote]“Open source would be easier [to hack],” admits ex-hacker turned security consultant Mitnick. “It's less work.”[/quote] And I think he would know better than any of us... unless of course any of you are expert hackers... which I'm not going to ask if you are ;). But really, a hacker knows where to look best, and he will probably get there first, unless there are enough different opinions from enough different people to find the problems first. So, back down to it: for the hacker, no reverse engineering required; for the user, no week-long waits required... the choice is yours...
spike said:
I quite like Mitnick. I don't know much about him, but he doesn't seem to be a very outspoken guy. One thing I have noticed about him though, is that when Mitnick speaks, people listen. They don't always agree with what he says, but anybody would be a fool not to at least consider his views :)