
Important security issues in open source

Security expert James Turnbull recommends ways to maintain the integrity of open source software and applications.

Open source software is considered to be more secure than proprietary software in many respects, but certainly there are some security issues that open source users should keep in mind. What are the most important of those issues?

I think that both open source and commercial, proprietary software have security issues and challenges. I am not sure one can be considered more secure than another. I think, in many cases, open source software security issues are identified and patched faster than proprietary software (compare the response of the open source database development teams with Oracle, for example). But generally speaking, the same rules apply for both open source and commercial software:

  • Monitor bug and security announcements for your applications and other software to identify vulnerabilities and bugs that may be applicable to you.
  • Patch, upgrade and update your software regularly.
  • Ensure you implement and install your applications and other software in a secure manner.
  • Monitor your environment and applications for issues, both functional and security-related.

There are two additional issues that are more open source-specific that you might also want to consider:

  • Ensure that if you chose open source software that is supported or developed by a limited number of individuals that you have an exit plan. If the developer stops supporting or developing your chosen application, then you must be prepared to support the application yourself or migrate to another application. Remember that if you do run an unsupported application, the chances of an undiscovered or uncorrected security vulnerability occurring are obviously increased.
  • Accept that if you do discover a security or functionality bug in your application or software that the developers are under no obligation to fix it. Indeed, unlike software with maintenance, they are under no obligation to even acknowledge that there is an issue. Some open source developers are notorious for being reluctant to accept that there are issues with their software.

This was last published in November 2005
