If a recent Evans Data Corp. survey is any indication, IT administrators are increasingly worried about security holes in mainstream database products and are looking at open source alternatives. But John Andrews, president of the Santa Cruz, Calif.-based research firm, said that doesn't mean open source is necessarily better.
Growing interest in open source databases can be compared to the popularity of open source Web browsers like Firefox, he said. People got tired of malware targeting flaws in Internet Explorer and turned to Firefox as the better option. But as more people download Mozilla's browser, security researchers are uncovering more bugs as well. The same scenario may play out as open source databases grow more popular.
"The open source database market is immature compared to the market for proprietary products from the likes of Oracle and IBM," Andrews said. "We haven't had that test of time where you can really measure which is more secure. But there's no question that we're seeing an appetite for open source."
Based on a survey of 400 database administrators from various industries earlier this month, Evans Data found that open source database deployments were up more than 20% in the last six months. Use of the open source MySQL database, for example, increased by more than 25% in six months, and 44% of developers are now using it.
Respondents cited security as an important factor of database development. Only 9% of those using open source reported a security breach within the last year. For the most part, they said incidents were relatively infrequent -- five or less in that timeframe. One in four breaches were caused by authentication glitches, they said. Network intrusion is the second-biggest problem, 20% said. About 11% of the open source users reporting problems said physical access caused a breach.
By comparison, 85% of respondents said data held in a proprietary database server was compromised at least once in the last year. Seventeen percent said network intrusions were the biggest problem, followed by user authentication (11%) and physical access (12%). Thirty-four percent of proprietary database server users said they experienced security problems other than those listed above.
While he said it's too soon to judge whether open source databases are more secure than closed systems, Andrews believes the open source developers have an edge. "Because it's open source they can plug holes more quickly," he said. But, he added, "Open source is starting to go through [security] issues proprietary database vendors were dealing with two years ago."
While the open source vendors now have the public's attention, he said, they also have the attention of vulnerability researchers who will try harder to find holes.
"Now the test is in how well the open source guys can keep up," Andrews said.