Tories ‘misguided’ over open source software
“The Conservatives have accused Labour of failing to capitalise on open source software, despite reports from Government agencies that have recommended its usage,” said Richard Kirk, Fortify’s vice-president and general manager for Europe.
“Our own research has concluded that open source software exposes users to significant and unnecessary business risk, as the security is often overlooked, making users more vulnerable to security breaches,” continued Kirk. “That’s not to say commercial software isn’t without risks, but any flaws on commercial applications tend to be patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open source programmer.”
Common Java open source packages
Fortify’s sponsored report, released last summer, looked at 11 of the most common Java open source packages, scanning them using Fortify SCA (the static analyser seen in its security suite, Fortify 360).
Manual code scanning was also carried out on security-sensitive areas of code. However, the boundaries between commercial and open source applications are blurring. “Gartner,” explained Kirk, “has reported that, by 2011, 80% of commercial software will include elements of open source technology. Other research companies have made the same conclusions.”
According to Kirk, while open source software appears to be the logical choice over commercial applications in terms of direct costs associated with purchasing a business program, the indirect and less tangible costs can often outweigh the direct cost savings.
“The cost of ruggedising software and generally ensuring that no faux pas will be experienced in the organisation adopting the open source code can end up costing firms a lot more in the longer term. That’s before you factor-in the risk associated with using software that’s potentially flawed.”
Other issues must be considered
On that basis, Kirk told SMT Online: “It’s highly questionable whether the Conservative Party has thought this issue through before criticising the current Government for failing to support open source. There are lots more issues to account for than the direct costs of migrating from commercial to open source applications.”
Kirk concluded: “The Government shouldn’t just consider open source because it significantly reduces costs, particularly so given the recent spate of data breaches. The Government must also be able to guarantee that it’s robust from a security standpoint.”
Tories ‘misguided’ over open source software
“The Conservatives have accused Labour of failing to capitalise on open source software, despite reports from Government agencies that have […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources