Open source safest for healthcare IT, study claims

Open source software is actually more secure than its often more expensive alternatives, say researchers at the University of Warwick and UCL Medical School.

After examining open source licensing arrangements in detail, the team concluded that they give the buyer a much stronger position than proprietary licenses, as they’re less vulnerable to lock-in.

“When the buyer chooses an open or free licence he or she can take the code to a rival  code developer if they offer a  better deal,” says UCL’s Dr carl Reynolds.

“If the code is in the public domain, and the user and programmer community are engaged, then the buyer can profit from more people inspecting and fixing the code, leading to higher quality source code and in turn software.”

And, says the team, their research shows that open source can be more secure than other systems. Vendors of proprietary systems often rely on a so-called ‘security through obscurity’ argument, claiming that systems that hide their inner workings from potential attackers are more secure.

“However, security through obscurity alone completely fails when code is disclosed or otherwise discovered using tools such as debuggers or dissemblers,” says Professor Jeremy Wyatt of the University of Warwick.

“Worse, it has been suggested that the cloak of obscurity tends to encourage poor-quality code. Opening the source allows independent assessment of the security of a system, makes bug patching easier and more likely, and forces developers to spend more effort on the quality of their code.”

And many contractors providing open source implementation and support offer legal indemnity to clients in exactly the same way as proprietary vendors, they say.