In Tuesday’s story [March 4] regarding Dixon Public Schools’ network security breach, NIU Information Security Director Jim Fatz shows a profound misunderstanding of how open-source software works.
When code is open source, it means the original source code is freely available for anyone to view. You can modify your own copy, but others cannot modify the copy you have already installed. Because the code can be viewed and critically analyzed by people outside the development loop, flaws can be found and fixed faster.
Proprietary (paid-for) solutions don’t have that capability, and those solutions are the products of companies that stand to lose shareholder value if a security risk is identified. In light of recent revelations regarding the NSA having back-door access to solutions from Mr. Fatz’s “top-dollar” companies, such as RSA, transparency is an asset, not a liability.
Mozilla Firefox – a browser many readers might be using right now – is open source and widely acknowledged to be more secure than Microsoft’s Internet Explorer. Apple’s Mac OS X, used right here at saukvalley.com, is based on open-source code, and its user interface is designed with an open-source toolkit; while more expensive, Macs are almost universally considered the more secure desktop operating system.
The FBI, NSA, CIA, and the Justice Department all use Linux, the biggest of all open-source projects and the base for the most secure server systems in the world. Linux and BSD are also the basis for some of the most robust firewalls in the business – all open source.
Mr. Fatz may have an agenda, or he may be genuinely ignorant. Either way, it’s important that Dixon Public Schools and Sauk Valley Media’s readership understand the difference: Open source is a development methodology, nothing more.
What happened at Dixon Schools was almost certainly a social-engineering attack, and anyone with an information-security background should recognize this.