Ask the Expert

Important security issues in open source

Open source software is considered to be more secure than proprietary software in many respects, but certainly there are some security issues that open source users should keep in mind. What are the most important of those issues?

I think that both open source and commercial, proprietary software have security issues and challenges. I am not sure one can be considered more secure than another. I think, in many cases, open source software security issues are identified and patched faster than proprietary software (compare the response of the open source database development teams with Oracle, for example). But generally speaking, the same rules apply for both open source and commercial software:

  • Monitor bug and security announcements for your applications and other software to identify vulnerabilities and bugs that may be applicable to you.
  • Patch, upgrade and update your software regularly.
  • Ensure you implement and install your applications and other software in a secure manner.
  • Monitor your environment and applications for issues - both functional and security related.

There are two additional issues that are more open source-specific that you might also want to consider:

  • Ensure that if you choose open source software that is supported or developed by a limited number of individuals that you have an exit plan. If the developer stops supporting or developing your chosen application, then you must be prepared to support the application yourself or migrate to another application. Remember that if you do run an unsupported application, the chances of an undiscovered or uncorrected security vulnerability occurring are obviously increased.
  • Accept that if you do discover a security or functionality bug in your application or software that the developers are under no obligation to fix it. Indeed, unlike software with maintenance, they are under no obligation to even acknowledge that there is an issue. Some open source developers are notorious for being reluctant to accept that there are issues with their software.

This was first published in November 2005
