INSECURITY VENDOR Trend Micro has caused a storm of controversy by claiming that open source software is inherently insecure.
Steve Chang, chairman of Trend Micro made the comments as the outfit released its security software for Android smartphones. Chang claimed, "Android is open-source, which means the hacker can also understand the underlying architecture and source code." He continued, "We have to give credit to Apple, because they are very careful about it. It's impossible for certain types of viruses [to operate]".
Trend Micro is known for its security software that runs on Microsoft's Windows operating system, but it sees smartphones as a big opportunity to peddle its software. "Smartphones are the next PC, and once they're adopted by enterprises, data loss will be a very key problem," said Chang.
Apparently Apple's sandboxing impresses Chang, though he did admit that IOS isn't completely bulletproof, which is handy because such a comment would hurt sales of Trend Micro's own IOS security software.
Not surprisingly, Chang's ill-advised comments accusing open source software of being inherently insecure resulted in the firm back-pedalling and issuing a statement.
It said, "The relative merits of open versus closed source development have been debated for many years and we fully expect that debate to continue." It continued, promoting the growing need for data security on mobile devices. "Criminals have already begun to exploit financial opportunities offered by mobile platforms and we are committed to offering the highest level of security to our customers, whichever platform they choose," said the firm.
Chang's comments were surprising not for the rhetoric they contained - spreading fear is standard in the insecurity business - but for their inaccuracy. Developers for closed source operating systems such as Microsoft Windows can, and need to, understand the underlying architecture in order to program certain applications. Even Microsoft, the very benchmark of insecure software, goes to significant lengths to educate developers about its Windows' architecture, albeit treating specific parts as black boxes in order to preserve its closed source model.
There is no evidence that the availability of source code for software such as the Linux kernel, Mozilla's Firefox or Google's Android operating system make them any less secure than closed source software such as Microsoft's software or Apple's Mac OS and IOS. The ability for many developers to sift through code usually ends up with maintainers working to higher standards, if for nothing else than to avoid embarrassment.
In truth Chang's comments are unlikely to hurt Trend Micro's sales. After all, the majority of those running open source operating systems don't need any of Trend Micro's software. µ
Plus IoT factories and a pricey Pixel pouch
It's all fun and games until someone loses their rent
Speeding this way from the Spring
It's generating lower margins than smart-speaker rivals from Amazon and Google