The Truth About Open Source Security

Open source software -- it's fast, it's popular, it's practical, and, best of all, it's free.

Chances are (if your firm is like most) you're using some of it somewhere in your enterprise; in fact, you're probably using it in multiple places. One of the most frequent questions security professionals get asked is how open source compares to its commercial counterparts from a security perspective.

There are a number of well-respected individuals arguing on both sides of the "open source security" fence. Some say that the transparency and free availability of open source code help make open source more secure than commercial software. On the other hand, other well-respected individuals claim that the lack of contractual agreements between vendor and purchaser in the open source world makes open source deployments less secure.

So which is it? Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality.
