
Open source danger for government applications

Fortify : 06 February, 2009  (Technical Article)
Public sector organisations need to think carefully about the security implications before opting for open source solutions, according to Fortify.
Fortify Software says that the Conservative party is misguided in its criticism of the UK government over its lack of support for open source software.

'The Conservatives have accused the Government of failing to capitalise on open source software, despite reports from government agencies that have recommended its usage,' said Richard Kirk, Fortify's VP and GM of Europe.

'Our own research, however, has concluded that open source software exposes users to significant and unnecessary business risk, as the security is often overlooked, making users more vulnerable to security breaches. That's not to say that commercial software isn't without risks, but any flaws on commercial applications tend to get patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open source programmer,' he added.

According to Kirk, Fortify's sponsored report, released last summer, looked at 11 of the most common Java open source packages, scanning them using Fortify SCA, the static analyser seen in its security suite, Fortify 360.

Manual code scanning, he explained, was also carried out on security-sensitive areas of code. But, the Fortify Vice President says, the boundaries between commercial and open source applications are blurring. Gartner, he explained, has reported that, by 2011, 80 per cent of commercial software will include elements of open source technology (Gartner, The State of Open Source 2008, April 2008), and other research companies have reached the same conclusions.

According to Kirk, whilst open source software appears to be the logical choice over commercial applications in terms of direct costs associated with purchasing a business program, the indirect and less tangible costs can often outweigh the direct cost savings.

'The cost of ruggedising software and generally ensuring that no faux pas will be experienced in the organisation adopting the open source code can end up costing firms a lot more in the longer term. And that's before you factor in the risk associated with using software that is potentially flawed,' he said.

'It's therefore highly questionable whether the Conservative Party has thought this issue through before criticising the current Government for failing to support open source. There are a lot more issues to account for than the direct costs of migrating from commercial to open source applications. The Government shouldn't just consider OS because it significantly reduces costs, especially after their recent history of data breaches, they have to be able to guarantee that it is robust from a security standpoint too,' he added.
   © 2012 ProSecurityZone.com