The Truth About Open Source Security
Open source software -- it's fast, it's popular, it's practical, and, best of all, it's free.
Chances are (if your firm is like most) you're using some of it somewhere in your enterprise; in fact, you're probably using it in multiple places. One of the most frequent questions security professionals get asked is how open source compares to its commercial counterparts from a security perspective.
There are a number of well-respected individuals arguing on both sides of the "open source security" fence: some say that the fact that open source code is transparent and freely available helps make open source more secure than commercial software.
On the other hand, there are other well-respected individuals who claim that lack of contractual agreements between vendor and purchaser in the open source world makes open source deployments less secure.
So which is it? Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality.