October 2nd, 2007

Is open source more secure?

Posted by Dana Blankenhorn @ 8:27 am

Categories: General, Hardware, Infrastructure, Security, marketing

Tags: Secure, Perception, Open Source, Security, Dana Blankenhorn

Today we have another study claiming that open source is more secure. (Picture from the state of Kentucky.)

This time it’s an IDC survey taken in Asia, whose “results indicate that organizations perceived open source technology as providing better security compared to proprietary products,” according to analyst Prianka Srinivasan.

It’s important to note some caveats. People believe open source is more secure. Perception is not always reality.

Recently I interviwed a security expert while he was working on a Linux disassembler. He said that 95% of his work is in Windows, but that’s just because everyone uses Windows. If everyone used Linux, he believed, it might be the other way.

Matt Asay has another survey today, this one taken by Barracuda Networks, an open source vendor in e-mail and security, indicating security is not what is driving open source adoption by its customers.

Instead, this survey says, it’s price. And when Barracuda reversed the question, asking for advantages in proprietary software, 23% answered security. When open source customers were asked the advantages in their choice, only 16% answered security.

What this tells me is that proprietary vendors are doing a better job pushing the buttons of buyers than open source vendors. Which is no surprise. Proprietary vendors have bigger marketing budgets.

But there’s a lot that open source vendors can learn from this. They can push the security message. It’s one buyers want to hear, and one many are responding to.

Question remains, of course, is it true? Is open source more secure, because bugs can be seen by everyone, and fixed by anyone? Or is security through obscurity still our best defense?

I know what I think.

 Loading ...