Open source rules

Once in a while, I'm asked how I feel about open-source security tools. After making the usual weak joke about bandages being the best thing for open sores, I give my honest opinion: They're the greatest things since sliced bread. Besides, we all know that security is one area that Microsoft's not going to seize control of anytime soon. The real benefit to choosing security tools where the source code is public -- and I don't really care whether the code is open or "shared" -- is peer review.

Some people would point out that if it weren't for the open attitude prevalent in academic computing, Microsoft might never have gotten off the ground. After all, Bill Gates and Paul Allen had to get Basic from somewhere, and it's not like Harvard suffered any property loss, except perhaps for that roll of punched paper tape. I know this is off-topic, but if I don't mention it, I'll get a dozen e-mails when this column appears -- so that's the last time I mention Microsoft this week.

Getting back to my point, and I do have one: Open-source security tools are increasingly important to businesses as ways to evaluate vulnerabilities to common attacks. VeriSign seems to agree, because it is offering a five-day course that covers every important open-source security tool I can think of, and a couple with which I am unfamiliar. I'm curious if any readers who have taken the VeriSign course or a similar one can tell me if he or she learned anything that couldn't have been gleaned from reading the manual. I hope readers are getting a chance to use these tools hands-on, because that's usually the best way to learn.

Remember that although open source is open, it is not necessarily perfect. Some tools -- sendmail and BIND in particular come to mind -- have been around for eons in computer time, but bugs continue to crop up in them with the regularity of swallows in Capistrano. It's just as bad to rely on security through openness as it is to believe in security through obscurity. The best advice I can offer is to be careful of where you get your tools, verify the checksums before you install, and watch the bug reports afterward to ensure you're running the most recently fixed version.

In my next column, I'll do a wrap-up of Code Red and the lessons we hopefully learned from it.

P.J. Connolly (pj_connolly@infoworld.com) covers groupware, messaging, networking, and security for the Test Center.