Language Selection

English French German Italian Portuguese Spanish

The Truth About Open Source Security

Filed under
OSS

Open source software -- it's fast, it's popular, it's practical, and, best of all, it's free.

Chances are (if your firm is like most) you're using some of it somewhere in your enterprise; in fact, you're probably using it in multiple places. One of the most frequent questions security professionals get asked is how open source compares to its commercial counterparts from a security perspective.

There are a number of well-respected individuals arguing on both sides of the "open source security" fence: some say that the fact that open source code is transparent and freely available helps make open source more secure than commercial software.
On the other hand, there are other well-respected individuals who claim that lack of contractual agreements between vendor and purchaser in the open source world makes open source deployments less secure.

So which is it? Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality.

Full Story.

More in Tux Machines

Debian 9.0 "Stretch" Might Not Have UEFI Secure Boot Support

Debian 9.0 "Stretch" has seen UEFI Secure Boot support no longer being considered a release blocker but is now just a stretch goal for this upcoming release. Debian developer Jonathan Wiltshire shared that while Secure Boot support was planned for Debian 9.0, it might not happen now due to short on time and resources. Secure Boot might still work its way though into a later Debian 9.x update. Read more

Development News: Rust 1.17 and SourceForge

  • Announcing Rust 1.17
    The Rust team is happy to announce the latest version of Rust, 1.17.0. Rust is a systems programming language focused on safety, speed, and concurrency.
  • Rust 1.17 Released
    Judging by the massive Rust fan base in our forums, those of you reading this will be delighted today about the newest version of Rustlang, v1.17.
  • SourceForge: Let's hold hands in a post-CodePlex world [Ed: Microsoft Gavin needlessly interjects Microsoft into it. Like CodePlex was EVER relevant…]
    President Logan Abbott has said he’ll seek tighter integration between SourceForge’s tools and those of others – including giant rival GitHub.

Nouveau Re-Clocked With DRM-Next Linux 4.12 + Mesa 17.2-dev vs. NVIDIA 381 Driver

A few days back I posted benchmarks of the initial GTX 1050/1060/1070/1080 Nouveau 3D support. As expected, the performance was rather abysmal with re-clocking not being available for Pascal (or Maxwell) GPUs on this open-source NVIDIA Linux kernel driver. For those trying to use Nouveau for Linux games or care about your GPU clock speeds, currently the GTX 600/700 "Kepler" series is still your best bet or the GTX 750 "Maxwell 1" is the last NVIDIA graphics processors not requiring signed firmware images and can properly -- but manually -- re-clock with the current Nouveau driver. Read more

Coverage From Recent Linux Conferences