
Is open-source security good enough?


Some believe that because open-source code receives more scrutiny, it's more secure. But it's more complicated than that. While heavily used and actively maintained open-source applications like Apache and OpenSSH probably receive a great deal of scrutiny, smaller applications or applications that are not as actively maintained probably do not. By the same token, commercial software vendors vary as well; some are actively committed to making sure that their source code is thoroughly tested and audited, whereas others aren't.

Some also believe that the contractual relationship between purchaser and vendor in typical commercial software licensing arrangements provides a degree of accountability not present in an open-source context. But it depends. In some cases, open-source developers offer paid support for the projects they maintain to users who need it; in other cases, non-affiliated third parties provide support for the open-source tools. Many open-source products also make answers to previously asked questions openly available via mailing list archives and/or Web sites. Also, open-source products usually issue security updates as needed, while commercial vendors make patches available on a set schedule.

At the end of the day, it depends on your enterprise and the particular projects and products in question.

Read more about open-source security:
- read the article at TechNewsWorld

ALSO:
- read this on the danger of open-source
- and this on making open-source attractive to business
