FCC claims open source software lacks security

A new federal rule set to take effect today could mean that radios built on "open-source elements" may encounter a more sluggish path to market--or, in the worst case scenario, be shut out altogether. U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving "a high burden to demonstrate that it is sufficiently secure."

By effectively siding with what is known in cryptography circles as "security through obscurity," the controversial idea that keeping security methods secret makes them more impenetrable, the FCC has drawn an outcry from the software radio set and raised eyebrows among some security experts.



"There is no reason why regulators should discourage open-source approaches that may in the end be more secure, cheaper, more interoperable, easier to standardize, and easier to certify," Bernard Eydt, chairman of the security committee for a global industry association called the SDR (software-defined radio) Forum, said in an e-mail interview this week.

The Forum, which represents research institutions and companies such as Motorola, AT&T Labs, Northrop Grumman and Virginia Tech, urged the FCC to back away from that stance in a formal petition (PDF) this week.

There's also no clear evidence that the number of vulnerabilities in open-source software differs dramatically from that of proprietary software, said Alan Paller, director of research for the SANS Institute, which provides computer security training. (Some earlier studies have found that the generally more intensive scrutiny of open-source code can help keep its quality higher and vulnerabilities lower.)

The term software-defined radio hasn't exactly made it into public consciousness yet, but the technology has been gaining traction in military and public safety spheres. Perhaps the highest-profile example is the Pentagon's Joint Tactical Radio System project, which is designed to give soldiers in the field the ability to shuttle voice, data and video across multiple networks.

Source: CNET News


Written by: Rich Fiscus @ 6 Jul 2007 5:35
  • 13 comments
  • ivymike

    The FCC is Full of $hit.

    6.7.2007 14:17 #1

  • DXR88

    What a load of BS. I can't believe it. Screw the FCC. What's wrong with them. Jesus help FCC rid the evil within them. And I suppose a radio built on Windows NT or CT technology is secure. Who puts these morons in charge. Pointless attention grabbers. Makes me want to puke all over myself.

    6.7.2007 14:23 #2

  • signal

    ha ha ha...next week we find out Microsoft owns the FCC...ha ha ha...

    Linux user all the way baby....OPEN SOURCE>>>

    Later,
    The Unknown

    7.7.2007 00:40 #3

  • hermes_vb

    So Open Source Software means insecurity and vulnerability, how do you explain Microsoft Windows? LOL

    7.7.2007 09:35 #4

  • codejunki

    Similar to the recent hole in Adobe .pdf; the open source readers were not subject to the exploit. I was using both Adobe and Sumatra, so deleted Adobe and have been happy about it since.
    Follow the cash on this one probably.

    7.7.2007 09:37 #5

  • hermes_vb

    I got rid of Adobe's Acrobat Reader a long time ago when they turned a simple app into a bulky monster. Right now I'm using Foxit reader and Primo's PDF writer. It's a nice combo.

    7.7.2007 09:56 #6

  • codejunki

    (Kind of a PS here...) Actually, it would seem to me that the Open Office Suite might be taking a large bite out of the available proprietary software (various) Office Suites market. Office Suites are an expensive collection of home/office/business production programs. The significant migration of end-users to Open Office (and other Open Source programs) at perhaps $450.00 per end user is probably becoming an item to consider in the business world. I seriously doubt there are more vulnerabilities in Open Office than any other Office Suite, and frankly any discovered are likely to have a fix quicker than the proprietary products. I'm also sure that the migration to Open Source .pdf readers/writers has taken its toll at Adobe; at one time they were the only game in town. Now Open Office can even manage .pdf files as well as just about everything else that the proprietary Office Suites can do. I have Open Office 2.0 on this box and actually, there isn't a lot of difference in the capabilities of it compared to a couple other Office Suites I have. Open Office 2.2.1 can be downloaded free http://www.openoffice.org and looks pretty close to what comes bundled with the latest flavors of Linux.

    7.7.2007 10:53 #7

  • hermes_vb

    Well, I think Open Office doesn't have as many features as the Microsoft Suite, but it sure is more cost effective. If I ran a business I'd have MS Office installed on a few key PCs and the rest of the employees would get Open Office, which is good enough.

    7.7.2007 14:52 #8

  • spydah

    This article sounds like Billiam wrote it himself. That fool has always been against any company that will promote their products and say they are free. Especially if they are good free products then he will take them to court and sue them because he will have to lower his prices to compete.

    7.7.2007 19:51 #9

  • codejunki

    OK, I've beat this one too much and besides I'm heading for the 8,000ft mountains to do a little hiking up to the 10,500ft level for photography as well as a little fishing, mtb'ng and campfiring. So this will be my final thought, simply because I don't know any more about the subject and, actually, *hate* to speculate in the first place, but what the hey, here goes:

    Quote:... U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving a high burden to demonstrate that it is sufficiently secure....
    I see this bureaucratic announcement as a "foot in the door", a "Shot across the bow", the "planting of a seed", against government-agency proliferation of open source programs which have been taking shark-bites out of proprietary products. A quick check at opensource.org will give a fair (although not updated) idea of how many major end users are going open source not only for a small migration to alternative OS's, but for office suites and various other expensive tools. This OOS migration has undoubtedly gained the attention of major corporations, and major corporations naturally maintain contacts with action-officers and purchasing agents in every government. If they didn't, they'd lose customers, and if I were their boss, I'd fire them for not trying.
    So, if I were trying to stem the tide of disappearing government clients for my products, where would I start from?
    I must agree with the knowledgeable prior post, that (just for instance) MS Office Suite 2007 on this Vista box is much more robust than OpenOffice 2.0 on this same box. That said, I would wager beer-money that 9 out of 10 secretaries and 9 out of 10 "other" office workers *everywhere*, and especially in governments around the world, do not even *start* to utilize the capabilities of the MS Office Suites. At least back to Office-2000, that's the version of Word that sent me to the local university for their MS Word classes. That said, beyond mail-merge and normal word processing, most of the capabilities of MS Office are wasted on the average office worker. So, I'm a government, or a company, who is strapped by ever escalating costs, and looking for ways to cut business expenses. My IT costs are significant. Not only the IT personnel, but the upgrades of hardware and software that seem to roll in before personnel even get used to the last upgrade. If I roll over my desktops to Linux suddenly I find that my IT guy (or gal, as the case may be) needs close to a hundred grand annual plus bennies instead of the present Windows guy and his forty grand plus bennies. Besides, I understand the Windows guy's IT job, and can pinch hit for him if he gets the flu. The Linux guy's job... FORGET IT! So, I'm not going to move away from Windows right now but I will migrate to compatible office software which will save me upgrades every two years for every desk in my company. So when the salesman for a proprietary office suite comes knocking, and I tell him my good news about cutting costs, he's going to (if he's worth his salt) tell me how dangerous it would be for my office suite programs to be open source, because every hacker on the planet would be working on getting into my databases because they have the code. Doesn't matter whether it's the truth or not, or whether the OOS is actually more or less vulnerable than the proprietary choices, if I'm a good salesman I'm going to make the boss believe it.
    That said, if I were the boss, I'd probably stay with my MS OS, my MS Office 2007 and the eternal upgrades, simply because that combination will do more things (presently) in a cuter way than OOS does.
    So there you go; if I can plant doubts about open source in this radio-telephone thingy, whatever it was, maybe later I can make open source competition for my real bread and butter go away....
    Of course, the announcement may have come from someone who is frightfully concerned about vulnerabilities between open source and proprietary code. The world has always been full of conspiracy theories, ever since the little green men crashed their spacecraft in Roswell........ :lol:

    8.7.2007 14:17 #10

  • pmshah

    They talk as if closed source software cannot be hacked. In fact they might live under the false impression and think that their code is secure.

    That is even a more dangerous scenario.

    9.7.2007 00:40 #11

  • borhan9

    What a load of crap. Open source is exactly that, meant for people that can code to improve and share the software as in Freeware :P

    I think they should realise that free coders make better programs than big copyrighted corporations :)

    9.7.2007 20:36 #12

  • Rich_L

    And the NSA (National Security Agency) says Microsoft Office is such a security threat that they do not allow it on any of their machines.

    So let's see hundreds of dollars vs free which one is more secure

    Oh by the way the NSA uses OpenOffice (paid version - got to be legit). Isn't Open Office an open source giveaway free program?

    Who do we believe FCC vs NSA, I will take the people that deal with security over the people that deal with communication any day.

    31.7.2007 19:14 #13

© 2024 AfterDawn Oy
