Tool_Maker - No. Per the people in the agencies who test these things...OSS is neither less secure nor more secure than proprietary code. The difference is that vulnerabilities are often discovered and mitigated substantially faster with OSS than proprietary code. (think crowd sourcing approach).
MrDon - You bring up a great point and there are teams of people here in the National Capital Region addressing your point specifically. We have an event coming up September 4th that includes several sessions specifically addressing your point. Both applications and hardware include code and all code has some level of vulnerability. At the core, security is an ongoing process and not a task performed and checked off of a list. The adoption of Open Source Software is growing rapidly in the government. New product development cycles are reduced by years thanks to the collaboration of OSS. Total life cycle costs are reduced by orders of magnitude because consumers are not held hostage by proprietary development practices. Ironically, the first year costs are almost the same (within about 7%) between OSS and proprietary projects with the key difference being where the money is spent. Side note: People would be shocked by many of the hardware providers that are perceived to be proprietary code when in fact they contain large amounts of OSS.
I agree. Companies like Adafruit and Sparkfun are supporters of OSHW (Open Source Hardware) and have made a sustainable business in this technology domain. Like OSS, OSHW should be investigated carefully if its intended use is for consumer products. With all of the files available for download, mischievous hackers delight in exploiting these devices which increases the cost of the product for the customer from OEMs security/IP perspective. I believe OSHW does have a place as an educational tool to learn about embedded design as well as to check feasibility of product concepts. But that's where OSHW should stop. Incorporating OSHW as a mainstream product opens the gate for unexpected outcomes.
...and just since I made that Linux comment (about a week ago), there have been several other Open-Source examples that have come into light, even right here in the DN blogging space: from NASA opening space mining to commercial entities, to 3D Printer Mfgr's who are challenging their customer-base to propose new printing ideas ('sugar' was discussed, in the confectionaries arena). It's not just about software and code development anymore.
Thanks to everyone who provided input. Jim, you have a good point. I would say that perception became the reality relative to the "risk" involved in open-source software. Even though corporations were painting that picture, technology was slow to adapt. Now, the diversity of technology combined with the speed with which new technologies are coming out is creating this new era and springboard of open-source adaptation.
I am probably way over my head here, but isn't OSS easier to hack? As far as Wikipedia is concerned, I have not used it in years as I found too much bogus information there. As a college student, I never had a class that would accept it as a source in any research paper. It was a place to get started, but never the final word.
Rob, another interesting aspect of the open source hardware platforms is that there are cheaper alternatives that represent parts that can be had for production applications. I have a number of interesting boards that I have worked with. If you are looking at ARM CORTEX-M3 or M4 then STMicro has boards that are in the $10 (for the M3) to $15 for the M4. You can get professional tools for these that are restricted to the boards in question for free. Then, if you develop something that you would want to implement and sell, you have the parts available in mass quantities. If you are looking at these types of parts, I would stick with the ARM architecture at this time. I am not pushing STMicro, but this is just a set of devices I have recently worked with.