Security is becoming one of the main drivers behind the adoption of open-source software in the enterprise and government, according to security experts and CIOs who gathered here for Red Hat Inc.s Open Source Security Summit.
Much of the early enthusiasm for Linux and other open-source operating systems was sparked by the softwares low cost and adaptability. But with a growing emphasis on security in the IT marketplace, many customers are looking at open source as a safer alternative to proprietary software, according to security industry insiders.
"A lot of our customers say security is at the top of their list in terms of the reasons theyre going to open source," said Paul Cormier, executive vice president of engineering at Red Hat, based in Raleigh, N.C.
Cormier said he believes the intensive code review process used in open-source development helps open-source vendors release more secure, reliable applications. "A large percentage of vulnerabilities are through programming errors," Cormier said. "Its hard for those to get through in open source. We find most of our own errors."
"The reality is that there are two different development processes, and the open-source paradigm is more democratic," Cormier said. "There are all of these eyeballs on [the software] who have no agenda other than doing the right thing. The closed community relies on a small group of developers, and most of their vulnerabilities are found by the bad guys."
Open to SecurityCustomers see open-source software as more secure because:
"Can you imagine a future with no buffer overflows? We knew that world 30 years ago with MULTICS [Multiplexed Information and Computing Service]," said Bill Caelli, head of the School of Software Engineering and Data Communications at Queensland University of Technology, in Brisbane, Australia. "The vendors problem is, in a closed system, you cant make incremental changes to the systems security."
This increased focus on security is not lost on open-source software vendors. Red Hats Cormier said the company will likely introduce "more focused products in the security area."