I recently conducted a review of the warranties stipulated in software licences. The skewness of these licences towards vendors made me realise that few users actually read these agreements in full. It also brought across clearly, to my mind, the often myopic perspective that many in our industry share regarding issues which should be troubling, but somehow aren’t, and the contradictory perpetuation of red herrings.
Among the beliefs which don’t stand up to any form of rigorous analysis is that open source technology should not be deployed because its source code is available. The putative argument: because the source code to (for instance) the Apache Web server is publicly available, it is vulnerable to abuse.
This is akin to refusing to drink tap water because the water, at some point, was in the ‘public commons’, namely the water catchment area. Just as the water authority handles the prerequisite quality assurance, the purpose of the open source software distributors (Red Hat, SuSE, Sun et al) is to vet the Apache Web server before you receive it. Many Linux distributors also digitally sign their software to certify authenticity.
Another example. In an interview with an MD of a major security firm, the MD suggests that Linux is problematic from a security perspective because there is no single vendor for support and certified software patches. To anyone who has bothered to review the highly functioning software and patch distribution processes of Linux et al, this reveals a knowledge void.
An example of an issue which should be flagged more regularly than it is: the risk and cost management associated with software licensing compliance. In most companies, there is no point where such compliance can be assured. Employees can introduce pirated software to your network, and your IT staff can install duplicates of software extant on other systems, both exposing your organisation legally.
For many companies, managing this issue has become a real money sink which never rates a mention in TCO calculations.
Use open source software wherever possible, to minimise this risk and reduce licence-management hassles and costs.
Con Zymaris is CEO, Cybersource