Debate» Open source software is less vulnerable to attack than other software.

FOR
Jack Danahy, co-founder and CTO, Ounce Labs

I am tired of the prejudices on both sides of the open source debate, but particularly those that are blindly anti-open source. While difficult economic realities are making open source applications attractive and important, most open source opponents continue to construct straw men from poorly written applications and indict the whole movement.

I have yet to see anyone provide side-by-side vulnerability analysis of critical open and closed sourced products. Long-lived applications, like Apache, Linux, Firefox and others, should be the targets, measured in context with Internet Information Services (IIS),

AGAINST
Caleb Sima, CTO, HP Application Security Center

There’s little doubt that open source has done a lot for security. Over time this has been a great evolution, but at the same time, I don’t agree with people who tout open source as the only way to be secure and who claim it is the ultimate answer to code security.

Security still depends on the contributors fixing a wide range of issues. If these engineers and technicians don’t do a good job or there are not enough ‘security eyes’ looking over the code and reporting the issues, then open source runs the risk of being a detriment to security. I have been involved in many assessments where open source allowed me to find the weaknesses and

THREAT OF THE MONTH
PDF/Acrobat vulnerabilities

What is it?
Adobe PDF is the Portable Document Format, a cross platform way to share documents. The most popular viewer for such documents is Adobe’s Acrobat Reader. Multiple exploits have been found.

How does it work?
Acrobat and PDF viewers are popular and are installed by default on many PCs as a browser plug-in. PDF exploits usually take