Security and Open Source software
June 10, 2009 at 12:43 pm #73757
I have cross-posted this to “Open Source software in Government”.
Mon, June 08, 2009 — IDG News Service — Businesses in North America and Europe remain broadly worried about the security of open-source software, according to new data from Forrester Research.
Fifty-eight percent of the large companies surveyed said they had security concerns about open source, while the figure for small and midsized businesses was slightly higher, at about two-thirds. Within those groups, only 9 percent of enterprises said they were “very concerned,” compared with 45 percent for the SMBs.
More than half of SMBs (57 percent) also expressed concern that open-source software would be complex and hard to adopt, but only 32 percent of enterprises expressed a similar sentiment. In addition, 68 percent of SMBs cited the availability of service and support for open-source software as a concern, compared with 47 percent of enterprises.
The findings are among a wide range of data Forrester collected for two reports, “The State of SMB Software: 2009” and “The State of Enterprise Software: 2009.”
Meanwhile, security concerns over SaaS (software as a service) seem to be diminishing among companies large and small, according to Forrester.
The research firm polled a subset of SMB respondents who indicated they weren’t interested in SaaS. Twenty-seven percent named security as a factor, compared to 57 percent in a 2007 survey. A similar poll of enterprises saw 31 percent cite security concerns with SaaS, down from 47 percent in an earlier study.
Overall, Forrester polled 2,227 IT executives and technology decision makers in the U.S., Canada, Germany, France and the UK between December 2008 and February this year.
Other Stories related to this study:
June 10, 2009 at 10:28 pm #73759
This is a legitimate concern, especially for mission or business operations capability. A supply chain breakdown for a Defense agency or an SMB can mean critical failure in providing services, loss of intellectual property (or intel), or the collapse of customer trust. One point I would make is that in the world of enterprise products, you can have a large conglomeration of many custom developments, acquisitions, open-source libraries, and community platforms. Scrubbing this for security can be a major challenge. This is of great concern to any vendor facing the possibility of stricter guidelines for authority to operate, Common Criteria, and the notion of legal liability, which has hit the desks of some in Washington. One benefit of commercially available products is the 24/7 support that most can provide, and in security cases, fixes can be provided given proper information exchange.
In government, I am still not convinced that they are ready to hand over the reins of their back-office services to the private sector. The security DNA of the IT staff that minds the gates will have to be altered to open up this type of collaboration. My vision is many private clouds run by gov’t IT staff, augmented by industry SMEs, hosted on GFE infrastructure. This would be secured by common elements (similar to JTF-GNO), and basic private-sector services would be allowed in from public clouds as needed.