To decide if open source applies to one’s project requirements is to investigate if there is an active community supporting it? Does the license seem suitable for the project development? Is the framework being used popularly? An estimation and review of the number of projects that already have deployed or integrated it. Most crucial of all is to review if it meets the project requirements. Using an open source software that doesn’t offer any prompt customer support or has an active community might cause a problem. As Gary Tyreman, CEO of Univa states “Free OpenSource Software (FOSS) is particularly dangerous because if something breaks at a critical time, you’re out on a limb and there may be no one to call for help.”
“Examples of open source projects (e.g., operating systems, development tools, web, and the mail servers) indicate that a community can be built which can create software that is (claimed to be) highly dependable.” I agree with it as finally there is quantitative data to confirm that open source is reliable and secure. According to a study by FUZZ open source software had higher reliability. It states, “It is also interesting to compare results of testing the commercial systems to the results from testing “freeware” GNU and Linux. The seven commercial systems in the 1995 study have an average failure rate of 23%, while Linux has a failure rate of 9% and the GNU utilities have a failure rate of only 6%. It is reasonable to ask why a globally scattered group of programmers, with no formal testing support or software engineering standards, can produce code that is more reliable (at least, by our measure) than commercially produced code. Even if you consider only the utilities that were available from GNU or Linux, the failure rates for these two systems are better than the other systems (Wheeler, 2013)”. The figure below depicts the study results.
The studies carried out by IBM projected that Linux/GNU is highly reliable. IBM confirmed that these tests validate that “the Linux kernel and other core OS components are safe and stable … and can provide a robust, enterprise-level environment for customers over long periods of time.” ZDNet ran a 10-month test for reliability and declared that GNU/Linux is more reliable than Windows NT. BloorResearch carried tests that were one year long and deduced the same results as ZDNet. Coverity performed a four-year research and found Linux’s Kernel had far fewer defects than the industry average. According to a 3-month Swiss evaluation, the websites operating on Microsoft’s IIS web serving software have over double the time off-line (on average) than sites using the Apache software. According to a survey conducted in 2004 by Netcraft’s 80% of the top ten most reliable hosting providers ran open source. A detailed study published in the Communications of the ACM established good indication that the code quality of open source performs at least equal and sometimes superior to proprietary software. Heinz Tröber, a German company, discovered Linux-based desktops to be far more reliable than Windows desktops; Windows had a 15% daily failure rate, while Linux has 0%. Wheeler (2013) further states “One problem with reliability measures is that it takes a long time to gather data on reliability in real-life circumstances. Thus, there’s more data comparing older Windows editions to older GNU/Linux versions. The key is that these comparisons are fair because they compare contemporaneous products. The available evidence suggests that FLOSS has a significant edge in reliability, at least in many circumstances.”
It is not easy to measure security on a quantitative basis. However, the study done by Wheeler collects data about several attempts, and they propose that open source is frequently highly secured compared to proprietary systems, at least in some cases. He has compared open source to Windows systems, and come up with the following comparison studies made. Attrition.org’s data showed that 59% of defaced systems ran Windows, 21% Linux, 8% Solaris, 6% BSD, and 6% all others in the period of August 1999 through December 2000. Thus, Windows systems have had nearly three times as many damages as GNU/Linux systems. The Bugtraq vulnerability database suggests that the least vulnerable OS is open source and that all the open source operating systems in its study were less susceptible than Windows in 1999-2000. In 2000, Evans Data Corp.’s carried a survey based on more than 400 GNU/Linux developers and discovered that Linux systems are comparatively protected from attacks from outsiders. The Gartner Group is endorsing the businesses switch from Microsoft IIS to Apache owed to IIS’s poor security track record. They had spent $1.2 billion simply fixing Code Red (IIS-related) vulnerabilities by July 2001. Nicholas Petreley in his report of 2004, discovered that a large part of Windows weaknesses is grave rivaled to Linux. In 2004, a study by Evans Data testified that 92% of their Linux systems have never been attacked by a virus and 78% that their Linux systems have never been hacked. A study by SecurityTracker done in 2002 states “They identified 1595 vulnerability reports, covering 1175 products from 700 vendors. Their analysis found that Microsoft had more vulnerabilities than anyone else (187, or 11.7% of all vulnerabilities), and more than four times the next vendor.” A study by Brian Krebs in 2005 suggests that it took three times as long for Microsoft to repair serious defects in the Windows software than the open-sourced Mozilla took to fix critical flaws in its software. The paper “Empirical Analysis of Software Vendors’ Patching Behavior: Impact of Vulnerability Disclosure” found that the open source suppliers were 60% faster than the proprietary ones at responding to the vulnerabilities.
References:
Koen (2013) Still doubting the reliability of Open Source solutions? Available at: https://www.codeenigma.com/community/blog/still-doubting-reliability-open-source-solutions (Accessed: 30 September 2017)
Wheeler, D.A. (2013) Why Open Source Software / Free Software (OSS/FS, FLOSS, or FOSS)? Look at the Numbers! Available at: https://www.dwheeler.com/oss_fs_why.html (Accessed: 30 September 2017)
