Has security become a non-issue for enterprise Open Source?

Now, at a time when Open Source is gaining momentum in Australia, Schneier’s perspective could contribute to increased uptake in the enterprise, education and government sectors.

The recent Australian Open Source Industry & Community Report portrayed a ‘very strong’, ‘rapidly growing’ local market for Open Source in both private and public sectors.

Produced by Open Source consulting firm Waugh Partners, the census listed property and business, education, health, retail and government as industries that are most serviced by Open Source currently.

Sixty-one percent of census respondents were found to service organisations of 200 or more employees, suggesting that Open Source now reaches beyond small-to-medium enterprises (SMEs), to larger organisations.

However, the report highlighted ‘lingering misconceptions’ about the availability of Open Source vendor support, which could contribute to slow commercial and government uptake of Open Source solutions in Australia.

According to Renee Hoareau, who is the Executive Officer of the Victorian Information Technology Teachers Association (VITTA), a lack of suitably-skilled network administrators has hindered the uptake of Open Source in schools.

“This is something the open source industry really needs to address,” she told iTnews. “More affordable training and certification for school network technicians is required.”

Skills shortage aside, however, Hoareau expects there to be ‘no technical reason’ why Open Source would be unsuitable for schools -- especially since Open Source software forms the basis of mission-critical environments in international companies such as Yahoo and Amazon.

Still, the security of Open Source software has been a talking point for some organisations in the past.

A report published last month by security vendor Fortinet suggested that enterprises are underestimating the security risks of eleven popular Open Source applications.

However, according to Hoareau, concerns about the public availability of source code seem to have vanished in the face of simple human management.

“Maintaining a secure environment involves following strict policies and careful procedures,” she said. “The most secure system in the world can be breached by a trusted person being careless with their password or security tokens.”

“Good school network security depends on good network management,” she said. “I would think Open Source applications pose no greater security risk for schools than any other type of software would.”

Russian security vendor, Kaspersky Lab, agrees that Open Source software is unlikely to be any more vulnerable to attacks than its proprietary counterpart.

Although Open Source code allows cybercriminals to find vulnerabilities more easily, vendors and developers are able to identify and fix flaws more easily as well, Kaspersky’s virus analyst Sergey Golovanov said.

To cater to clients who use Open Source operating systems on their servers and workstations, and those employing mixed corporate networks, Kaspersky Lab started developing security solutions for Open Source platforms ‘years ago’, Golovanov told iTnews.

“Obviously, in such a network all nodes have to be protected, so a security company must be able to offer the full range of solutions,” he said. “It is essential that we provide them with adequate protection for their IT infrastructure.”

brucedigitaleducationhatkasperskylabopenredschneiersoftwaresource