ITBusiness.ca

Open Source security flaws transcend personal biases

Call it equal-opportunity vulnerability: In recent months, open source software has faced a growing number of security threats, in the form of hacks, cracks, viruses and worms. It seems like no network or server is safe any more, regardless of their use of proprietary or more open-ended applications.

Debates have raged over the extent of these threats, as well as who is ultimately responsible for them. I’ve seen a lot of conspiracy theorists blame Microsoft Corp. for playing things up, while others pronounce the death of Linux. However, I believe that in some ways, this growing insecurity is also a sign of the strength of Open Source.

It’s a bit like what sometimes happens in Hollywood: the more popular you are, the more of a target you become. One technology administrator I spoke with recently described how upgrading to Windows NT left his network more prone to attack in some ways, since no one had ever written a virus for his organization’s previous (and archaic) platform.

Still, open source offerings have taken a firm hold in the enterprise, and it’s important that organizations be adequately prepared for threats big and small.

Forrester Research Inc. claims that while the number of Global 3,500 companies implementing Linux this year has “hardly increased” from 2001, nearly 10 per cent of them use the operating system.

Apache, the public-domain Web server, has a much stronger presence. In June, nearly 60 per cent of the top servers were running the open source app, compared with about 29 per cent running Microsoft products. That figure was up by more than three per cent from May and occurred at Microsoft’s expense, according to Netcraft.

In the face of these statistics, enterprise IT managers would be wise to keep tabs on the growing risks:

None of this is to say that Open Source apps are worse than proprietary software in terms of security. Most of the threats outlined above pale in comparison to the litany of woes that Microsoft’s Internet Information Server has seen over the years.

But rather than bashing or praising specific products based on a preference for one camp or another, it’s far more worthwhile to balance potential risks with available resources. Since most organizations use a mix of software applications, this means keeping personal biases in check — and making security a non-denominational concern.

johnsaunders@sympatico.ca
