WASHINGTON, D.C.—Security is becoming one of the main drivers behind the adoption of open-source software in the enterprise and government, say security experts and CIOs gathered here for Red Hat Inc.s Open Source Security Summit.
Much of the early enthusiasm for Linux and other open-source operating systems was sparked by the softwares low cost and adaptability. But, with a growing emphasis on security in the overall IT marketplace, many customers are looking at open source as a more secure alternative to proprietary software.
“A lot of our customers say that security is at the top of their list in terms of reasons theyre going to open source,” said Paul Cormier, executive vice president of engineering at Red Hat, based in Raleigh, N.C. “The reality is that theres two different development processes and the open-source paradigm is more democratic. There are all of these eyeballs on [the software] who have no agenda other than doing the right thing. The closed community relies on a small group of developers, and most of their vulnerabilities are found by the bad guys.”
Microsoft Corp. and other large software vendors have recently turned more of their attention to the security of their products. But security experts say that such efforts are fundamentally misguided and dont address the real problem.
“Can you imagine a future with no buffer overflows? We knew that world 30 years ago with Multics,” said Bill Caelli, head of the School of Software Engineering and Data Communications at Queensland University of Technology in Australia. “The vendors problem is, in a closed system you cant make incremental changes to the systems security.”
And this increased focus on security is clearly not lost on the open-source software vendors. Red Hats Cormier said the company will likely introduce “more focused products in the security area” in the months and years ahead.
- Commentary: Is Security Systems Debate Missing Point?
- Open Source: A False Sense of Security?
- Open Source Gets IT Scrutiny