Does Open Source Development Produce Secure Applications? A Focus on Mozilla and Firefox Projects

Document Type



Dr. Yonglei Tao, taoy@gvsu.edu

Embargo Period



Open Source Software (OSS) has long been of interest to developers and system administrators since it is very affordable. OSS development has recently received greater attention in the user community due to security concerns in established commercial web browsers and the availability of a newly maturing Open Source alternative. Some members of the OSS community argue that open source code is more secure because the code is available to the public. This is the famous "many eyes" argument that vulnerabilities are easier to find and fix. Countering this, some argue that OSS is less secure because hackers also have access to the source code and can exploit vulnerabilities much quicker than in a closed source product. More generally, there are ongoing debates regarding the development model of OSS projects and whether they can produce applications that are secure and robust. The goal of this presentation is to review the security of an Open Source Development project and the robustness of its output. The first part of this presentation provides general information about OSS such as the definition, benefits, issues and motivation. The second part reviews secure application development principles and practices, and develops a basic secure application development criteria for use in evaluating OSS projects. The last part applies the security criteria to a high profile Open Source project, the Mozilla Firefox web browser.

This document is currently not available here.