Survey Claims Open Source is Business Security Risk
July 21, 2008
How many companies do you know still refuse to run Linux?
Their argument is the source code is 100% available and open, so hackers know the vulnerabilities and potentially harm your system.
Here’s some reality…
First of all, the number 1 threat to your companies security policy is your own employees.
Second, yes, the number of Linux and Mac viruses are increasing slowly, but nothing compares to the Microsoft world! I patch my computers every second Tuesday after reading the security bulletins (though workstations and laptops ar emore vulnerable then servers)
Here is an article from IT Pro with the results from a survey:
Management needs to be very careful when choosing open-source software as a business option, as security leaves a lot to be desired, according to a new report.
The most widely-used open-source software packages are exposing businesses to significant and unnecessary risk, according to Fortify.
In its Open Source Security Study, which examined 11 of the most common Java open source packages, Fortify claimed that open-source software development communities were not working securely and leaving dangerous vulnerabilities unaddressed.
The packages tested included application server, customer relationship manager(CRM), web application and content management system (CMS) projects. Most did not have documentation covering security, an email for users to report vulnerabilities, or easy access to internal experts to discuss security issues. Also, in every project analysed, there were security issues that weren’t addressed.
Two vulnerabilities were especially prevalent, with 22,828 examples of cross-site scripting and 15,612 SQL injection vulnerabilities - the latter of which IT PRO has recently covered.
The survey showed that most open source communities did not follow business-level control standards, and that there was a hidden cost for companies using open source as they had to test and patch for unanticipated security bugs.
Howard A. Schmidt, a former cyber security officer to the White House, said that open-source software was valuable, but needed to be a point of concern for chief information officers who depended on it to run their business.
“This is an endemic issue that starts in the open source community,” he said of the security problems. “Open-source software faces the same vulnerabilities as commercial or in-house developed software.”
He added: “The mechanisms to test and analyse software code need to be done with great rigour in open source communities to influence a secure development process.”
Fortify recommended that government and commercial organisations which use open source do so with great caution, and that open source communities needed to raise security awareness as well as adopt commercial security practices from the commercial world.
Fortify said that open source development team Mozilla’s recent move to hire independent security consultant Rich Mogul this month was a move that others needed to follow.
Related Articles on CRM Help Desk Software.com
- Information Security Management Risks
- vtiger CRM: Enterprise-ready Open Source CRM software
- So You Want to Go Open Source?
- Managing Risk in Information Technology - Part 1
- Wellpoint SSN, Medical Records Left Unsecured on the Internet
Recent Articles on CRM Help Desk Software.com
- Workday: The Next Software Power?
- Maximizer Software Launches New Brand and Corporate Focus on Mobile CRM
- Intelestream and Compiere Partner to Deliver Integrated ERP Solutions
- Gmail Outage Raises Doubts About Cloud Computing
- FreeCRM Now the Safest Online CRM in the Industry
- iDashboards presents Olympic Results Tracking
- IFS Announces Heightened User Experience for its CRM Solution
- Product Comparison for Customer Relationship Management Solutions for Small Enterprises
- Zoho Welcomes Prestige Home Automation as One Millionth User
- Soffront CRM Supports Multi-Currency
Free Newsletter
Sign up for the free Daily newsletter, filled with tips and ideas on how to choose a proper CRM, Help Desk, Customer Support, or Enterprise Content Management software system. Your email address will be kept confidential and won't be shared. Easily unsubscribe at any time.
If you enjoy the free information available on this site, you're sure to enjoy the free newsletter as well:
Site Search Tags:
CRM, Help Desk, Customer Support, Marketing, ERP, Enterprise Content Management, ITIL, ISO 20000, Data Security, On-Demand, SaaS,
Share and Enjoy:
Comments
One Response to “Survey Claims Open Source is Business Security Risk”
Got something to say?
Complete List of CRM Vendors & Help Desk Vendors
Latest Headlines
- Workday: The Next Software Power?
- Maximizer Software Launches New Brand and Corporate Focus on Mobile CRM
- Intelestream and Compiere Partner to Deliver Integrated ERP Solutions
- Gmail Outage Raises Doubts About Cloud Computing
- FreeCRM Now the Safest Online CRM in the Industry
- iDashboards presents Olympic Results Tracking
- IFS Announces Heightened User Experience for its CRM Solution
I like that you pointed out the aspect of “potential hidden costs”. A friend of mine that has worked with open source for years has always said “The software is free, but you pay for it with your time.” Whether free as in freedom, or free as in beer, I think the idea behind that statement remains the same. Open source offers a lot of benefits to customers, and can be a solid, reliable solution if you have someone with the know how to maintain it. I think this can be said about most business software solutions.