The ability to access the code of open-source applications may give attackers
an edge in developing exploits for the software, according to a paper analyzing
two years’ worth of attack data.
The paper, to be presented this week at the Workshop on the Economics of
Information Security, correlated 400 million alerts from intrusion detection
systems with known attributes of the targeted software and vulnerabilities. The
data supports the assertion that flaws in open-source software tend to be
attacked more quickly and more often than vulnerabilities in closed-source
software, says Sam Ransbotham, assistant professor at Boston College’s Carroll
School of Management and the author of the paper.