A tech expert explains why Linux has remained a bright spot in an increasingly grim IT security picture, and how businesses can ensure effective, reliable security for their own Linux-based systems.
Security Pipeline: Is security still viewed as a huge issue for open source computing?
Humphrey: There are two distinct sides of the coin to open source computing: the motivated geniuses that pump out code for a specific new application, and the very commercial world that has a different use for the open source community. An example here would be Sun's Java environment.
In the former case, security has never been a huge concern for much of the community.
Open-source here means you put something very cool together and you make it work. "It" being so very cool, you plunge forward with a "sourceforge.net" site, and tell all your friends what a nifty toy you have just created. They give you feedback, suggest code changes, and break it repeatedly until you regret ever telling anyone about it in the first place.
However, after repeatedly being embarrassed over just how poorly the code performs in areas of security (among other things), the interested community finally patches it up into something in the 14th major revision that can stand on its own without being a security nightmare.
In the end, you can get some amazing software from a dedicated community that is very secure. It may not have started that way, but it will inevitably mature there.
In the latter case, however, security is part of the development plan from day one. No one in Sun, IBM or Red Hat wants to be the target of an identified security risk as it's bad for business.
This side of the coin will suffer similar evolutionary corrections to address security and functionality issues, but the difference in getting to that stage is enormous. It's a much more closed development cycle with a specific goal in mind. Security may not be that goal, but staying in business will just have to do.
So the open source computing world can have widely varying issues with security, but they are likely to pale in comparison with the issues that arise from the Microsoft environment itself.
And there is something of a cross-culture mix here with open-source software on Microsoft. For example: if you put an open source IRC client on your Windows machine, is the reason that your system has been compromised within 20 minutes of logging onto an IRC channel the result of underlying security issues with the IRC client, or the operating system that invites complete access to all of its internals for any application that runs on it? Where is the security failure?
Unix/Linux doesn't collapse like this. You can actually install and run this same client as a non-privileged user on Linux that is relatively secure for the rest of the computer (and its users).