January 1st, 2009

The biggest threat to open source in 2009

Posted by Dana Blankenhorn @ 3:23 pm

Categories: 2009 Preview, Enterprise Policy, General, Security, business models, mass market, support

Tags: Open Source, Dana Blankenhorn

Security and updates, which are often the same thing.

There is no longer any doubt that hackers and malware writers are going after open source projects as they once went after Windows. Vulnerabilities are being found, discovered, created, exchanged.

The best protection against vulnerabilities is to keep software updated, but most open source lacks update services. That’s one part of the Windows license that is worth paying for, and there does not seem to be an open source equivalent.

An exception is Firefox (above, from SecurityMike). But how many take advantage of this? And how tied is Firefox to updating for security purposes? Remember we’re talking about pushing updates, not asking users to pull them.

In any case, the enterprise market is more important here. Servers hold more secrets than clients.

Palamida is trying to build a model for supporting updates, as I described in November. Such a service could, if executed correctly, even give many open source projects a valid business model.

But until this ramps up (hopefully in a competitive market), enterprise managers have an easy way to say “no” to open source.

Regardless of how dangerous this is, the fact that managers feel it’s dangerous makes it so.

This may be the first challenge to open source’s growth in the enterprise since that growth began, and for some it may prove intractable.

There is a way forward, using the enterprise business model, but how many projects will be able to exploit it in a professional way and retain their enterprise credibility remains open to question.

It’s a story I’ll be watching closely as the year unfolds, and I suggest you do the same.