Is open-source secure enough for the enterprise?

With yesterday's announcement that Oracle would begin distributing and supporting Red Hat, we saw yet another big win for open-source in the enterprise. Keeping that in mind, here's a question that's worth asking: Are open-source projects secure enough for large corporations to deploy? According to Red Hat employee and British open-source icon Alan Cox, the answer may be "no." "There is a lot of money going into security, but the situation is worse, because there is a lot of money going into breaking security," Cox told the crowd at London's LinuxWorld conference. "People are being paid to work breaking down software systems." Cox claims that while high-profile projects--like the Linux kernel--are generally secure, many less prominent open-source projects fall short when it comes to security. The reputation of open-source as a secure alternative may be to blame, fostering complacency among software developers. If open-source adoption in the enterprise continues, the development community may have to turn more of its attention toward creating and maintaining a secure platform.

For more on open-source security:
- Check out this ZDNet article