Pro-Linux report sexed down by government

The Office of Government Commerce's report into the viability of using open-source software in the public sector was toned down in its praise of Linux security before release, silicon.com has discovered.

A copy of the report, seen by silicon.com with amendments still visible, shows changes were made to the government's stance on the particular advantages of Linux versus proprietary software when it comes to security. The Office of Government Commerce (OGC) is the Treasury office charged with improving public sector procurement and project management in the UK.

The pre-release version of the report read: "Linux would appear to offer numerous strengths in terms of security." In the final version this became: "There is no definitive answer on the relative security merits of open or closed-source software."

The pre-release version also described the visibility of Linux code as a boon to its security, saying: "The structure of the Linux operating system is regarded as inherently more secure than that of Microsoft Windows... The open-source code can be viewed in its entirety and in the event of a problem the worldwide Linux community can act to resolve any issue with urgency."

The final version, however, is more muted. "While some argue that many eyes lead to fewer security flaws, others argue that those wishing to exploit, or tamper with, open-source code have an easier time than with closed source code," it reads.

The idea that a greater number of code-watchers helps open-source software's security hasn't been disputed by Microsoft CEO Steve Ballmer.

He said in a recent email to customers: "Linux has often been touted as a more secure platform. In part, this is because of the 'many eyeballs' maxim of open-source software that claims a correlation between the number of developers looking at code and the number of bugs found and resolved. While this has some validity, it is not necessarily the best way to develop secure software."

A poll this year of silicon.com readers showed more support for the idea that open-source is inherently more secure. When asked: 'Why might Linux be more secure than Windows?', the majority of respondents said it was the way the operating system is maintained.

Forty-one per cent said it might be more secure because of the open-source development model, 32 per cent answered that it might be more secure because it's not as widely used and is therefore less of a target, and 27 per cent said it isn't more secure, full stop.

However, in both the pre-release and final version of the OGC report, it highlights that malware writers have yet to turn their attention properly to Linux and other open-source software. "Open-source software is less likely to be attacked by viruses than proprietary software," it said.

An OGC spokesman said the report had been "made more vanilla" in order to not give people the impression that Linux is "100 per cent secure" and that everyone should switch to open source.