Sensationalism: The Real Open-Source Security Risk - InformationWeek

Commentary
6/18/2009
07:36 PM

Sensationalism: The Real Open-Source Security Risk

A recent Forrester study attempts to tell us something useful about Open Source. What it actually does is point out the absurdity of selling self-fulfilling prophecies dressed up as useful research.

Actually, I'm referring here to a pair of Forrester Research studies. Both focus on the state of the business software market in 2009, but one deals with the enterprise market and the other with the SMB space. Both appeared at the same time, and most media coverage lumps them together.

That's fine, because both studies illustrate a typical market-research ploy: Sell a study with a vague, sensationalist summary, and then charge companies big bucks to view the details.

Here is how a recent InfoWorld.com article described one of the more controversial points the Forrester studies raise:

"Businesses in North America and Europe remain broadly worried about the security of open source software, according to new data from Forrester Research.

"Fifty-eight percent of the large companies surveyed said they had security concerns about open source, while the figure for small and midsized businesses was slightly higher, at about two-thirds. Within those groups, only 9 percent of enterprises said they were 'very concerned,' compared with 45 percent for the SMBs."

I won't take InfoWorld to task for how it spins the story; this is news coverage, not an opinion piece. And it's a fair description of how Forrester wants to position its research. (I can't say the same thing about a subsequent InfoWorld blog post that accepts Forrester's conclusions without questioning them.)

This taste leaves most readers hungry for details. How does Forrester define "open source?" Are we talking about desktop applications, server software, or both? Where does Forrester draw the line between enterprises and SMBs -- and how does that distinction blur the inevitable differences between how midsize and small businesses view these issues?

One also wonders how many of the firms surveyed are "very concerned" about security issues with proprietary software. After all, anyone who isn't probably needs to spend more time above ground.

If you want answers to those questions, the full text of the Forrester reports might answer them. Or maybe they won't. Either way, it will cost you to find out.

Such studies raise questions regarding their underlying research methodologies. And in the past, some firms -- including Forrester subsidiary Giga Research -- have drawn fire over alleged conflicts of interest involving third-party IT vendors that commission supposedly independent research.

Bear in mind here that Forrester, like every business, must market its products effectively. In this case, however, marketing involves isolating a hot-button issue, phrasing it in suitably provocative language, and then pushing its findings out through the IT press.

Am I falling for the trick simply by publishing this blog post? Guilty as charged, I suppose. But there is no other way to discuss this process -- and it demands a critical examination.

The fact is, the memes Forrester spreads via these methods will spread, mutate, and take on lives of their own.

Proprietary software vendors will tout the research as proof that open-source software is rife with security issues. Bloggers will repeat Forrester's public-consumption findings without questioning them. Companies will hear them and internalize them, often without even knowing how such research can shape -- and distort -- their IT assumptions.

I'm not selling either open-source or proprietary software here. I'm selling critical thinking and common sense. It's a tougher road to travel, but small-business owners will find that it beats planning their IT purchases based on market researchers' self-fulfilling -- and self-serving -- prophecies.
