1. The Difficulty of Exploitation Argument:
Advocates of closed source argue that it is more difficult for attackers
to exploit a closed source system than an open source system. They claim
that, because attackers have access to the source code, it is easier for
them to identify vulnerabilities in open source systems.
2. The "Many Eyes" Arguments:
Closed source advocates also point out a fallacy in the "many
eyes" argument for open source. Just because the source code is
available doesn't mean that anyone is reading it. Nor does it mean that
all the vulnerabilities and bugs have been found and fixed; in fact,
undetected bugs have lingered in open source packages for years before
anyone discovered them.
Another problem with open source, say critics, is that the average
user is not competent to actually inspect the source code and identify
problems. So, while there may be many eyes looking at the code, they
are not necessarily seeing in 20/20. On the other hand, the developers
of proprietary software are competent and trained to identify and fix
problems in the source code.
3. The Trust Argument:
The same trust argument against closed source can actually be used
against open source. The reason? An increasing trend in the open source
community is to develop small software packages that include "precompiled
binaries." Users often download and install these precompiled binaries
without examining their source. This means that the users are essentially
placing their trust in the goodwill and good security practices of
the site from which they downloaded the packages.
4. The Liability Argument:
Most open source licenses, such as the GNU General Public License,
explicitly disclaim any liability. Proponents of closed source software
point out that, when closed source software is purchased from reputable
vendors, there is some recourse in the event of failure.
Summary:
Closed source advocates maintain that access to source code makes it
easier for attackers to find vulnerabilities and exploit them. And,
they argue, just because people have access to the source code doesn't
necessarily mean that they are able to identify and fix bugs. They remind
us that open source users who install precompiled binaries are essentially
running closed source software since they can't be sure the executables
match the source code. Finally, there is the issue of who is accountable
when open source software breaks.