Stephen E. Arnold: Open Source Security a Corporate Concern

Commerce
Stephen E. Arnold
Stephen E. Arnold

Open Source Security Remains Corporate Concern

Posted: 22 May 2013 06:15 AM PDT

When it comes to enterprise information technology concerns, security is usually at the top of the list. Some say that using open source software leaves an organization more susceptible to security risks, while others argue just the opposite. This very debate continues in the Java World article, “Survey: Control and Security of Corporate Open Source Projects Proves Difficult.”

The article hones in a particular component of the security issue, whether or not an organization utilizes an open source policy. Results were compiled through a survey:

“When the 3,500 survey respondents were asked what are the biggest challenges in their company’s open-source policy, the main reasons listed were ‘no enforcement,’ ‘it slows down development’ and ‘we find out about problems too late in the process.’ When asked who in the organization has primary responsibility for open-source policy and governance, 36 percent ascribed that role to ‘application-development management,’ 14 percent to ‘IT operations,’ 16 percent to legal, 13 percent to an open-source committee or department, 7 percent to security, 7 percent to risk and compliance and 7 percent to ‘other.’”

So of the organizations that do utilize an open source policy, many acknowledge little enforcement paltry oversight. These concerns are real. However, an organization may benefit from a compromise, a value-added open source software option. A solution like LucidWorks is fully packaged and supported; not just free-roaming bits of code to be grabbed from the free web. Users and managers can feel more confident in LucidWorks because it is packaged in a way that is easier for them to understand. Most importantly, LucidWorks has long-term industry support and positive track record.

Emily Rae Aldridge, May 24, 2013

Sponsored by ArnoldIT.com, developer of Beyond Search