Security Company Asks Obama To Think Twice About Open Source



SecurityProNews
Staff Writer
2009-02-18



Proprietary computer security company Fortify hopes the Obama Administration will think carefully about adopting open source software, especially in regard to security concerns.


Open Source Software May Be Bad Idea
Recently, 15 executives at open source companies sent a letter lobbying the Obama Administration to consider open source solutions. The letter, signed by executives at companies like MuleSource, Compiere, OpenLogic, and Unisys, espoused the belief that "the open-source industry is changing the world of software in many of the ways [Obama has] promised to change American politics. We sincerely hope you will make the use of open-source software a key component of every new technology initiative the United States government enters into."

Fortify says that could be a bad idea because of a lack of good security practices among open source developers. Though not specifically condemning open source software in general, Fortify CTO Roger Thornton warns that saving money via unlicensed software could cost more in the long run due to the expense of repair, recoding, and potential litigation.

"If security objectives are not clear and secure development methodologies are not in place, it's a pretty safe bet that security problems will result - whether open source or commercial software," said Thornton, whose previous employers include Apple and Sun Microsystems. "We have experience with hundreds of development organizations establishing, and in many cases, defining, engineering processes that assure application security. These organizations have put in place security controls for open source because of poor security practices."

In Spain, the government is also being encouraged to adopt open source software, specifically Hipergate, a Web-based application suite running on multiple databases and operating systems. Thornton warns against this solution specifically and hopes the new US administration will avoid a similar potential pitfall.

"Our manual and automated review of Hipergate highlight what a lack of security process means. Hipergate lacks a security expert and doesn't even have a security email alias. Hipergate has about 16 vulnerabilities per 1000 lines of code - which is outrageously high. Hipergate should not be used by anyone," he said.

"Because of this, we urge President Obama's Administration to thoroughly research the possibilities offered by open source, but also consider the ramifications of using this technology."

Fortify, perhaps unsurprisingly, is backed by a small legion of proprietary guys, including former Microsofties Tod Nielsen and Howard Schmidt, also a former White House Cyber Security Advisor under the Bush Administration.

Coincidentally, Microsoft is also on a PR blitz promoting its "baked in" security, developed from the company's Security Development Lifecycle. They've gone all out, even producing comic strips and videos.



About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
