Monday, April 11, 2016

Don’t Let Open Source Software Open Your Business to Attack

It’s a bar stool debate that ranks with the likes of PC vs. Mac, and Ginger vs. Mary Ann. It’s an argument that will continue to rage, but for now, this much is clear: open-source software is a vital presence in the business world, with companies using it to power their infrastructure, websites, operating systems and mobile applications, and more.
Anybody can use, modify or redistribute open-source software, according to the terms set out in the Open Source Initiative. In fact, a recent survey found that 78 percent of U.S. companies now run some or all of their operations on such software.
But there are those who would be alarmed by that statistic. The critics contend that open-source software is always going to be risky, due to the lack of centralized control and the constant patches applied to the software.
Supporters counter that this is actually the core strength of the open-source movement, given that countless thousands of individual developers can work with the source code and thus function as a collective security backstop to find design vulnerabilities – even faster than mainstream software companies that write their own proprietary apps.

Dos and Don’ts
As with most things in life, there’s some truth to both sides of the argument. But if you’re planning on using open-source code in your business, there are common-sense steps you can take to minimize the risks of deploying this software and still reap the benefits. Let’s take a closer look.
  • Taking your time with a slow rollout is wise. First, evaluate how the software fares when it’s installed with functions that are considered less critical than others. Once the test period finishes and it passes muster, feel free to deploy it elsewhere within the infrastructure.
  • What’s your security policy on using open source? If you don’t have one, write it up, document it in detail and circulate the text around the company – immediately.
  • Establish a team charged with putting the corporate open-source policy into place. That’s the best way to preserve the security integrity of the infrastructure as open-source tools and technologies are added to it.
  • Don’t let employees download and install just any open-source code. It should first be vetted in a formal installation process. Someone should ensure that the organization has the latest version of the code, and keeps it current by installing patches.
  • It pays to first research the number of available support partners. This is a key question to get answered before the CSO or CIO can sign off on a piece of open-source software as being enterprise-ready.

Don’t take the trustworthiness of the code on faith. Make sure that the software receives a thorough evaluation. There’s often not a lot of documentation available, and it’s dangerous to assume that open-source code under consideration has already undergone a rigorous security review for quality and reliability.
