Open source champion Igor Portugal, from developer Asterisk, told a Govis audience that Linux is less of a worry from the security point of view than proprietary operating systems because fixes are likely to emerge more quickly.
And with the support of major vendors, the scarcity of open source software for common business tasks is becoming a thing of the past, he says.
Once someone is aware of a vulnerability, writing an exploit follows the same ‘develop-test-deploy’ sequence as writing any piece of software; the difference with the exploit is that the testing and deployment have to be done undetectably, he says.
Once the exploit is out there, there are a number of developers in the open source community who will develop a fix. This will usually work in any Linux environment that lets it in and where reasonable skills are available to implement it.
A proprietary fix, by contrast, must be written to cater for all environments and to be “user-friendly” in its implementation. This is likely to take longer.
“That’s it in a nutshell; open source is more secure and always will be.”
Portugal also disputes the contention that Windows systems are attacked more readily because they are seen as more popular. “If you put an insecure Linux server on the internet it won’t last two hours [before being attacked]; it’s a very attractive target.”
Portugal tabulated the offerings in a range of application areas, showing that common commercial application areas are covered by offerings that are either open source, or closed source but written to run on Linux. These range from web servers, where Apache is a staple of the market (it was economically less attractive for a commercial company to develop for an emerging field like the internet), to ERP (Linux versions of PeopleSoft and SAP) and databases (Oracle, PostgreSQL and MySQL).
He urged his audience to look at open source software not just for the price, but as an opportunity to diversify for added security and to explore new environments.