In the debate over whether open source or proprietary software is inherently more secure, the winner is likely to be neither.
Open source is thought by many to have a leg up when it comes to identifying and patching bugs and vulnerabilities because it is constantly under the scrutiny of a larger base of people. But one industry expert argues that unless those developers have specific expertise in the security realm, the "extra eyes" may still miss things.
"There is often the assumption that open source is more secure because there are so many more people that can look at the code, look at the software and see if there is any vulnerabilities or bugs, but that assumption is only there if those people that are looking at that source code have the training and skills needed to be able to do so," says Stuart Scott, AWS content lead and trainer at Cloud Academy, which offers a broad range of training, testing and certifications on how to use a wide range of cloud services, including Amazon Web Services, for IT professionals.
Scott maintains that some software developers might not be able to spot issues with open source code. He also points out the possibility of malicious actors invoking vulnerabilities with open source code.
"There are lots of people looking for bugs and vulnerability fixes, but there are also people looking to exploit that at the same time," he says.
You can read more about Scott's perspective on how enterprises should view open source code in the broader context of security in this report on our sister site, Security Now.
— Carol Wilson, Editor-at-Large, Light Reading