OStatic

Concerned About Open Source Software Security? Get Educated

According to a poll conducted by software security company Palamida, most businesses expect their IT budget to drop in the coming months but less than half plan to use open source software to fill in the gaps. At first glance, that seems like some pretty lousy news and also appears to fly in the face of what we've heard before. Before we panic, let's take a closer look at what these survey results mean.

Palamida says that a full 75% of organizations "expect their IT budget to decrease either moderately or significantly in 2009, but that only 45 percent view open source as a likely solution to the upcoming budget gap."

The company polled 177 respondents who hold positions in engineering, security, and senior IT. Though the survey was distributed across several industries including biotech/pharmaceutical, manufacturing, and healthcare, most respondents represented the financial and insurance markets.

Since its business model depends on knowing what companies need from their IT departments, Palamida tends to keep a steady finger on the pulse of open source. There are two important things to note about this poll.

First, security concerns are cited as the primary reason for why a business wouldn't choose open source IT solutions. That answer is hardly surprising when you consider the two main industries that responded to the survey -- finance and insurance. Poll, for instance, the retail or moviemaking industry and security concerns probably rank second or third as a reason to avoid open source technology.

Another important thing to remember when assessing these survey results is that respondents have a generally favorable view of open source solutions when it comes to functionality and quality. In fact, more than 62% say open source software is essentially equal to its commercial equivalents.

Palamida CEO, Mark Tolliver, says, “Open source use is flourishing inside of organizations, with applications built in the last five years, typically composed of 50 percent or more open source content. Our experience is that open source communities are typically very responsive to finding and fixing reported security problems -- and that, coupled with a proactive process for open source management via composition analysis, should reduce security concerns.”

Palamida appears to be the voice of reason at a time when other companies are striking fear into the hearts and minds of business owners considering open source alternatives. For example, technology research firm Gartner said recently that 69% of companies are vulnerable to "potential liabilities for intellectual-property violations" regarding open source software usage.

As Novell's Community Manager Joe Brockmeier points out, "Here’s a simple rule of thumb to find out if your organization’s use of open source requires a special policy: Are you modifying and distributing the software? If the answer is yes, then by all means your organization needs to have policies and oversight regarding the use and distribution of FOSS. If the answer is no, then you can stop staying up nights wondering if your organization is violating any licenses."

The bottom line is that whether its through informative surveys from Palamida or scare tactics like Gartner, security questions always arise when it comes to open source solutions in enterprise. The answers lie in education. If your company is thinking of deploying open source software in response to budget concerns, talk to people who've been there and done that already.

OStatic has great tools in place to help connect you with people who can help answer your questions and locate the right software for your needs. Palamida has also vetted a list of 25 open source projects that the company says businesses can use to "deliver higher quality software and Web applications with fewer resources."

• Software
• business
• survey
• security
• palamida
• enterprise

Share Your Comments