Language Selection

English French German Italian Portuguese Spanish

The Truth About Open Source Security

Filed under
OSS

Open source software -- it's fast, it's popular, it's practical, and, best of all, it's free.

Chances are (if your firm is like most) you're using some of it somewhere in your enterprise; in fact, you're probably using it in multiple places. One of the most frequent questions security professionals get asked is how open source compares to its commercial counterparts from a security perspective.

There are a number of well-respected individuals arguing on both sides of the "open source security" fence: some say that the fact that open source code is transparent and freely available helps make open source more secure than commercial software.
On the other hand, there are other well-respected individuals who claim that lack of contractual agreements between vendor and purchaser in the open source world makes open source deployments less secure.

So which is it? Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality.

Full Story.

More in Tux Machines

Fedora 23 EOL, Bye to FBDEV, Installfests of Yore

With Fedora 25 safely out of the door, time has come to bid adieu to version 23. Users are urged to upgrade. Elsewhere, Robin Miller looked back at an activity that older Linux users may remember, the Linux installfest. Michael Larabel reported today that the kernel may drop framebuffer device drivers and Dustin Kirkland shared Ubuntu's security overview. Read more Also: neon User LTS, openSUSE Upgrades, Best Distro Poll

Chromium/Chrome News

It's Been A Quiet Year-End For BUS1, The Proposed In-Kernel IPC For Linux

With the Linux 4.10 kernel merge window expected to open this weekend, I was digging around to see whether there was anything new on the BUS1 front and whether we might see it for the next kernel cycle. While I have yet to see any official communication from the BUS1 developers, it doesn't look like it's happening for BUS1. In fact, it's been a rather quiet past few weeks for these developers working on this in-kernel IPC mechanism to succeed the never-merged KDBUS. Read more Also: Intel Working On 5-Level Paging To Increase Linux Virtual/Physical Address Space

Games for GNU/Linux