A SECURITY COMPARISON OF OPEN-SOURCE AND CLOSED- SOURCE OPERATING SYSTEMS.pdf

236 A SECURITY COMPARISON OF OPEN-SOURCE AND CLOSED- SOURCE OPERATING SYSTEMS Kishen Iyengar Dept. of Information Systems and Operations Management, University of Texas at Arlington, Box 19437 University of Texas at Arlington, Arlington, TX-76019, HTUkiyengar@UTH, Tel: 817- 272-3584 Vishal Sachdev Dept. of Information Systems and Operations Management, University of Texas at Arlington, Box 19437 University of Texas at Arlington, Arlington, TX-76019, HTUvsachdev@UTH, Tel: 817-272-3584 M.K. Raja Dept. of Information Systems and Operations Management, University of Texas at Arlington, Box 19437 University of Texas at Arlington, Arlington, TX-76019, HTUraja@UTH, Tel: 817-272- 3540 ABSTRACT The argument whether open-source code is more secure than proprietary software has more or less been one of opinions and beliefs and not based on empirical tests and validation. In this paper, we empirically examine vulnerabilities data and compare closed-source and open-source operating systems. Our results indicate that although there are differences in the total number of vulnerabilities reported, there is no difference in the average risk per vulnerability between open-source and proprietary operating systems. Keywords: Open-source, Security Introduction The argument between open-source code and closed-source code has existed for many decades now. In terms of security, proprietary software and open-source software both have their own support bases who intensely advocate their point of view (Hunter 2004, Schulz 2000). The discussion has more or less been one of opinions and beliefs and not based on empirical tests and validation (Chaudri 2004). This is probably due to the fact that it is difficult to ascertain the right metrics of measuring security and collect data. The operating system is probably the most crucial piece of software that runs on any computer. Therefore it is important to examine security aspects of operating systems and compar