Do hackers prevent the release of source code?

HotdogsFolks (1145369) writes | more than 7 years ago

Security 3

HotdogsFolks writes "I've been considering releasing the source code from one of my job websites under the GPL licence for quite some time now. It's a fully functioning, everything-you-could-possibly-want system, so I'm happy to give it away to save people from having to write a similar system from scratch.

The only thing holding me back is the cycle of security patches I'll no doubt find myself in once the bad guys start analysing my code.

I'm not a security expert — I code for fun — so I'm not totally confident I'd be able to spot security issues even if I analysed my code myself.

What would you do if you were in my shoes? How do I get my software out there in the least painful way possible?"

3 comments

No. (1)

Leftist Troll (825839) | more than 7 years ago | (#20301035)

As you say, you're "not a security expert", and you seem to be under the mistaken impression that keeping the source closed will compensate for that.

Realize that vulnerabilities will be found, regardless of how open or closed the software is. If you didn't code with security in mind, there are probably an untold number just waiting to be discovered.

Open sourcing your software would probably be a good idea - you might just attract a few security-conscious developers to the project.

Re:No. (1)

Timothy Brownawell (627747) | more than 7 years ago | (#20303157)

As you say, you're "not a security expert", and you seem to be under the mistaken impression that keeping the source closed will compensate for that.

Realize that vulnerabilities will be found, regardless of how open or closed the software is. If you didn't code with security in mind, there are probably an untold number just waiting to be discovered.

That sounds like FUD.

It should be much easier to find holes with source code or a local copy of the system available to look at and play with. Being open would very likely make holes get found faster, by both good guys and bad guys. Breaking in using a hole is extra work after finding it, but then so is fixing the hole.

Maybe find a group of interested people who do know about security, and offer to privately give them copies under GPL or whatever, with the *request* (can't be a demand) that they help find bugs and not redistribute it further until they're reasonably sure that the code is clean.

Re:No. (0)

Anonymous Coward | more than 7 years ago | (#20303963)

That sounds like FUD.

All I'm saying is that closed code is no substitute for a design that takes security into consideration.

Being open would very likely make holes get found faster, by both good guys and bad guys.

While that may lead to more exploits at first, I'm of the school of thought that opening the code has potential for greater security in the long term.

Maybe find a group of interested people who do know about security, and offer to privately give them copies under GPL or whatever, with the *request* (can't be a demand) that they help find bugs and not redistribute it further until they're reasonably sure that the code is clean.

Not a bad way to go about it. Keep in mind that under the GPL, you aren't obligated to distribute the source to anyone until you distribute binaries, so the copyright holder of the code is perfectly within their rights to demand the code not be distributed if the project hasn't made a release yet.

-LT