A report warns of security vulnerabilities, raising the question of whether the open-source model can provide bulletproof software

Johanna Ambrosio, Tech Journalist

February 3, 2006

Desktop Linux use is growing very slowly in the United States, where it runs on less than 1% of all desktops, Gartner analyst Michael Silver says. It's used more elsewhere, especially in Eastern Europe. "They need less-expensive alternatives, and they don't have the legacy and compatibility issues we have," Silver says.

As Linux's popularity increases, some question whether the open-source development model will be able to keep it secure.

David Humphrey, a senior technology adviser at consulting firm Ekaru, says kernel security enhancements make Linux one of the most secure operating systems.

Others raise concerns. "To a large extent, [security] could be a failure with open source," says Ira Winkler, president of the Internet Security Advisors Group, and author of Spies Among Us (Wiley, 2005). The primary issue is a lack of consistency in testing methodologies, he says.

The question is whether an open-source model is more or less secure, Forrester's Goulde says. In the plus column, everyone can examine the code for vulnerabilities and submit fixes. But because the source code for any Linux project is so widely circulated, "it's available to every hacker in the world," he says.

Open-source contributors must be accepted into a development project, and acceptance is based on their previous work, Goulde notes. "There's a perception out there that anyone drinking Jolt Cola and eating potato chips in their basement can place code into an open-source project, and that's simply not true."

Many Linux users don't seem all that worried. An InformationWeek survey found that only 10% of 354 business-technology professionals mentioned security as a challenge that they encountered while deploying the software.

Brad Friedman, information services VP at Burlington Coat Factory, hasn't experienced major security problems with the Linux software installed on some 7,000 point-of-sale terminals and workstations. But he remains vigilant. "I'm sure we'll start to see people exploit vulnerabilities in Linux. Every piece of software has holes," he says.

In the end, the burden for securing Linux systems remains with the companies using them. They'll continue to struggle with the imperfect software and the knowledge that the cost of imperfection can be quite high.

Illustration by Peter Horvath

About the Author(s)

Johanna Ambrosio is an award-winning freelance writer specializing in business and technology. She has been a reporter and an editor in the computer industry for over 25 years, covering virtually every technology topic, starting with 'office automation' in the 1980s, as well as management issues including ROI and how to attract and retain talent. Her work has appeared online and in print, in publications including Application Development Trends, Government Computer News, Crain's New York Business, Investor's Business Daily, InformationWEEK, and the Metrowest Daily News. She formerly worked at Computerworld, for which she held various positions, including online director. She holds a B.S. in technical writing from Polytechnic University in Brooklyn, N.Y., now the Tandon School of Engineering of New York University. She lives with her husband in a Boston suburb. Johanna's samples of her work are at https://www.clippings.me/jambrosio.
