An open source security policy should be set up no differently than any other security strategy and policy. Document the environment, assess the risks, design and implement controls to mitigate the risks, and monitor and actively manage your environment.
You should take into consideration the issues I raised in this answer to another question. These may reveal some additional risks. A risk that is present for open source software, but possibly not found in commercial software, is a potential lack of support or patches to fix issues.
Related Q&A from James Turnbull
A user wants to implement OSSEC on a Windows server because he has no server side Linux operating system.continue reading
Solaris 10 Trusted Extensions and SELinux are best suited to different system requirements and administrator skill sets. Our security expert explains...continue reading
Configuring spam filters Spamassassin and dspam together in the email server Postfix is easy with the resources listed by our security expert.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.