Article

Open source security concerns can trump cost savings

Neil Roiter, Senior Technology Editor, Information Security magazine

Companies believe open source software reduces costs and delivers comparable functionality to commercial products, but they are not rushing to adopt it to offset tight IT budgets.

SearchSecurity.com:

To get security news and tips delivered to your inbox, 

    Requires Free Membership to View

click here to sign up for our free newsletter.

The number one concern is security, according to a survey by security company Palamida Ltd. Although most of the companies surveyed are facing budget cuts and cite cost as the primary open source benefit, more than half say they either absolutely will not or are unlikely to adopt open source in 2009.

Only 12% of the respondents said they would definitely use open source, while another 33% would consider it.

The cost factor cannot be understated. A recent Forrester Research Inc. survey corroborates this point, as more than half the respondents cited it as the primary reason for using open source. And their expectations bore fruit: 87% said they achieved the anticipated cost savings.

Open source security:

TrueCrypt an open source laptop encryption choice for SMBs: TrueCrypt eases security and privacy concerns. The open source security software encrypts a dedicated space on your hard drive, a partition or the whole disk, as well as removable drives.

Open source projects fall short on security: A study shows many flaws in popular projects and the failure of open source developers to make security a priority. 

Federal aid helps uncover open source flaws: A joint project with security vendor Coverity Inc. uncovered flaws in 11 open source projects, including Perl, PHP, Python, Samba and TCL.

And, quality doesn't seem to be an issue. A majority of those surveyed by Palamida believe open source is as good or almost as good as commercial software, and 92% told Forrester that open source met or exceeded their quality expectations.

Still, security appears to be a sticking point, though not the only one. Half the Palamida respondents cited security concerns, but are also hesitant because of support costs and risks around intellectual property.

Palamida's products assess open source software in an organization, finding unpatched programs and OSes a sticky issue, since companies are often unaware of where and how open-source projects may be used in their applications. They also address intellectual property and legal risks arising from potential licensing questions.

Palamida surveyed 177 high-level executives in senior IT, engineering and security positions.

"It was surprising to us that the perception of senior managers around security are headlined-oriented," said Theresa Bui-Friday, Palamida's vice president of product marketing. "Their conclusions are anecdotal, such as the recent Google Android OS vulnerabilities.

"If you dig deeper you find that the issue was Google was using an outdated version of WebKit (the open source engine on which the Android browser is based). Open source projects, by and large, are very responsive."

By contrast, a study by Fortify Software Inc. last summer showed that 11 popular open source projects had many vulnerabilities and exhibited lax security practices.

In addition to the survey, Palamida issued a list of 25 open source projects companies should be using to save money, including development tools such as NetBeans; database and mapping projects such as Apache Derby and MySQL; core utility classes such as zlib; reporting and chart tools, such as JFreeChart, and Web 2.0 projects, including the Prototype JavaScript framework. Palamida also estimates the cost in dollars and person-years to develop similar capabilities completely in-house.

The projects are included in a white paper in which Palamida makes the case for employing open source projects to reduce development costs in a tough economic climate.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: