Companies believe open source software reduces costs and delivers comparable functionality to commercial products, but they are not rushing to adopt it to offset tight IT budgets.
The number one concern is security, according to a survey by security company Palamida Ltd. Although most of the companies surveyed are facing budget cuts and cite cost as the primary open source benefit, more than half say they either absolutely will not or are unlikely to adopt open source in 2009.
Only 12% of the respondents said they would definitely use open source, while another 33% would consider it.
The cost factor cannot be understated. A recent Forrester Research Inc. survey corroborates this point, as more than half the respondents cited it as the primary reason for using open source. And their expectations bore fruit: 87% said they achieved the anticipated cost savings.
Open source security:
an open source laptop encryption choice for SMBs: TrueCrypt eases security and privacy
concerns. The open source security software encrypts a dedicated space on your hard drive, a
partition or the whole disk, as well as removable drives.
Open source projects fall short on security: A study shows many flaws in popular projects and the failure of open source developers to make security a priority.
Federal aid helps uncover open source flaws: A joint project with security vendor Coverity Inc. uncovered flaws in 11 open source projects, including Perl, PHP, Python, Samba and TCL.
And, quality doesn't seem to be an issue. A majority of those surveyed by Palamida believe open source is as good or almost as good as commercial software, and 92% told Forrester that open source met or exceeded their quality expectations.
Still, security appears to be a sticking point, though not the only one. Half the Palamida respondents cited security concerns, but are also hesitant because of support costs and risks around intellectual property.
Palamida's products assess open source software in an organization, finding unpatched programs and OSes a sticky issue, since companies are often unaware of where and how open-source projects may be used in their applications. They also address intellectual property and legal risks arising from potential licensing questions.
Palamida surveyed 177 high-level executives in senior IT, engineering and security positions.
"It was surprising to us that the perception of senior managers around security are headlined-oriented," said Theresa Bui-Friday, Palamida's vice president of product marketing. "Their conclusions are anecdotal, such as the recent Google Android OS vulnerabilities.
"If you dig deeper you find that the issue was Google was using an outdated version of WebKit (the open source engine on which the Android browser is based). Open source projects, by and large, are very responsive."
By contrast, a study by Fortify Software Inc. last summer showed that 11 popular open source projects had many vulnerabilities and exhibited lax security practices.
The projects are included in a white paper in which Palamida makes the case for employing open source projects to reduce development costs in a tough economic climate.