Language Selection

English French German Italian Portuguese Spanish

The Truth About Open Source Security

Filed under
OSS

Open source software -- it's fast, it's popular, it's practical, and, best of all, it's free.

Chances are (if your firm is like most) you're using some of it somewhere in your enterprise; in fact, you're probably using it in multiple places. One of the most frequent questions security professionals get asked is how open source compares to its commercial counterparts from a security perspective.

There are a number of well-respected individuals arguing on both sides of the "open source security" fence: some say that the fact that open source code is transparent and freely available helps make open source more secure than commercial software.
On the other hand, there are other well-respected individuals who claim that lack of contractual agreements between vendor and purchaser in the open source world makes open source deployments less secure.

So which is it? Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality.

Full Story.

More in Tux Machines

today's leftovers

  • Calamares 2.3 Installer Released
  • ANNOUNCE: libosinfo 0.3.1 released
    I am happy to announce a new release of libosinfo, version 0.3.1 is now available, signed with key DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF (4096R). All historical releases are available from the project download page.
  • There and Back Again: The MongoDB Cloud Story
    Before it was a database company, MongoDB was a cloud company. Founded in 2007 and originally known as 10gen, the company originally intended to build a Java cloud platform. After building a database it called MongoDB, the company realized that the infrastructure software it had built to support its product was more popular than the product itself, and the PaaS company pivoted to become a database company – eventually taking the obvious step of renaming itself to reflect its new purpose.
  • C++17: New Features Coming To 33-Year-Old Programming Language
    The C++17 standard is taking shape and adding new features to the vintage programming language. This major update aims to make C++ an easier language to work with and brings powerful technical specifications.
  • Clearing the Keystone Environment

GNU/Linux Leftovers

Red Hat Summit

  • Red Hat Summit Advocates the Power of Participation
    Red Hat hosted its annual Red Hat Summit customer event June 28-30 at the Moscone Center in San Francisco, with a theme of harnessing the power of participation. Once again, the DevNation developer event, which is the successor to JBoss World, was co-located with Red Hat Summit. For JBoss, 2016 is a particularly significant year as it marks 10 years since Red Hat acquired it. At DevNation, Red Hat announced the new JBoss Enterprise Application Platform (EAP) 7 release, providing new cloud-enhanced capabilities for Red Hat's flagship middleware platform. JBoss is now also working to help enable Java for the container era, with the launch of the MicroProfile Project, an effort to optimize enterprise Java for a microservices architecture. Java wasn't the only focus of DevNation this year either, as Microsoft took center stage too, announcing the availability of its .NET Core for Red Hat Enterprise Linux. In this slide show, eWEEK takes a look at some of the highlights of the Red Hat Summit and DevNation 2016 events.
  • How Red Hat is tailoring OpenStack to fit … everyone
    Even though there have been no major changes announced to the OpenStack platform of late, it was still one of the most talked about subjects at this year’s Red Hat Summit. Red Hat plays a significant role in the development of the platform and is very proud of its contribution to the community.
  • New technologies foster an open-source environment
    In 2007, when 3scale, Inc. was founded, some people thought it was crazy to be investing so much time and energy into API. But Steven Willmott, CEO of 3scale, Inc., said that even at that time his team knew that the future was API-driven, and they wanted to help that happen.

Leftovers: Gaming