Chrome Patches Show the Power of Open Source--and Google

Google's patching of vulnerabilities in its open source Chrome Web browser last week wasn't so much notable in itself; Microsoft, to be sure, is forever issuing patches for the many bugs that afflict its products.

Similar Articles:

What was notable about the Chrome patch, however, is the many steps Google took to ensure it. It's a testament both to the power of open source and to Google's complementary collaborative mindset.

Linus' Law

Freely downloadable for Linux and Mac as well as Windows, upstart Chrome is now the world's third most-popular browser, behind only Internet Explorer and Firefox, according to market researcher Net Applications.

Yet, whereas the makers of proprietary products like Internet Explorer have been known to take as long as a decade to fix vulnerabilities, open source offerings tend to be more secure.

That's due in part to what's known as "Linus' Law"--the idea that open source software is more secure by virtue of its openness, which means the code is visible to many more developers and testers than proprietary code is, making it more likely that any flaws will be caught and fixed quickly.

Directly opposing that argument, of course, is the "security through obscurity" pitch sometimes offered in favor of proprietary code, with the argument that making it open makes it more vulnerable. Let's just say that neither Microsoft's nor Apple's track record backs that up.

Bug Bounties

For Chrome, however, Google goes beyond relying simply on Linus' Law to identify vulnerabilities; it also adds a financial motivation.

Specifically, like Mozilla, Google offers users, developers, and researchers bounties for reporting bugs in the software. Through the Chromium Security Research Program, Google offers rewards of up to $3133 for reporting a single bug.

This time around, Google credited five researchers. Sergey Glazunov earned $4674 for reporting four bugs, including two at the previous maximum of $1337 each. Another researcher took home $2000. In all, Google paid out a record of more than $10,000 in bounties in this patch alone.

One of those fixes, it should also be noted, was for a problem in the Microsoft Windows kernel.

Developer Registration Fee

Google has also initiated a $5 registration fee for developers to prevent fraudulent extensions in the Chrome Extensions gallery and limit the activity of malicious developer accounts.

All in all, the combined effects of open source security with Google's proactiveness are why Chrome enjoys the reputation it does for enhanced security.

Now that Microsoft "loves" open source, maybe it can follow Google's example and turn things around for Internet Explorer?

Sponsored Resource: Do-it-yourself guide to home networking.
Sponsored Resource: How to choose the right server for your business.
Sponsored Resource: How to protect your PCs and servers in minutes.

Read more like this: open source, google, browser security, browsers

Katherine Noyes has been an ardent geek ever since she first conquered Pyramid of Doom on an ancient TRS-80. Today she covers business and tech in all its forms, with an emphasis on Linux and open source software. You can also find her on Twitter.

Comments

Master Windows 7!

Our expert guide will help you get the most out of Windows 7.

Get the Superguide now!

Business News Daily

Get the latest technology news that's important to you and your business, fresh seven days a week.

Best Prices on LINUX/UNIX

Directory Server - license $2937.99 and up See All Prices
Software RED HAT ENT LINUX AS STD 1YR COTERM- DIRECT ENTITLEMENT $1462.99 and up See All Prices
SuSE Linux Enterprise Server for X86 and AMD64 and Intel EM64T - ( v. 10 ) - complete package $800.00 and up See All Prices
Software RED HAT ENT LINUX WS BASIC FOR X86 COTERM ONLY $169.99 and up See All Prices

See all Best Prices on LINUX/UNIX »

Latest in Business Center Blogs

Net Work - February 15, 2012 7:25 AM
Google Wallet Open for Business Again Google has issued a fix for an issue with Google Wallet, and re-enabled provisioning of Google Wallet prepaid cards.
Security Alert - February 14, 2012 1:56 PM
Microsoft Says 'Happy Valentine's Day' with Nine Security Bulletins As expected, Microsoft has released nine security bulletins today. Security researchers and experts offer guidance on which updates are the most urgent.
Simply Business - February 14, 2012 12:19 PM
Sync Your Outlook Data Among Multiple PCs Astonsoft's EZOutlookSync makes simple work of synchronizing your contacts, calendars, notes, e-mail, and more. And you can test-drive it free for 30 days.
Linux Line - February 14, 2012 10:28 AM
Five Good Reasons to Download LibreOffice 3.5 Targeting power users, this new release of the free, open source office productivity suite is built to be 'cleaner, leaner, and more feature-rich'.
Net Work - February 14, 2012 9:37 AM
Samsung Galaxy Tab 2 Doomed by Price? If the leaked pricing for the Galaxy Tab 2 turns out to be true, the poor tablet is doomed to fizzle before it even launches.
Linux Line - February 14, 2012 8:39 AM
Six Ways to Show Your Love for Free Software Today Valentine's Day is also 'I Love Free Software Day,' according to the Free Software Foundation Europe, and there are many ways you can take part.