You're already using open source security

In the security world, many a component is based on open source code

Open source security is already in data centers, even if network executives think it isn't. One common example is OpenSSL, an open source-library implementation of the SSL encryption standard with an accompanying set of tools and utilities. Any commercial product that uses SSL for such features as Web-based management or client/server control channels almost certainly is using OpenSSL. With no reason to believe that they could write better or more bug-free code, commercial developers naturally gravitate to reusable, open source components wherever possible.

In the security world, open source has had its greatest success at the component level, rather than as full-fledged stand-alone products. These well-tested and well-accepted security components are incorporated into complete products by the ever-growing corps of security product vendors. The Nmap and Nessus network and vulnerability scanners, the Snort intrusion-detection system (IDS), and the iptables firewall often are found - sometimes carefully hidden, sometimes openly promoted - inside the newest security products. In addition, some open-source security products have been taken commercial by their own development teams: Sourcefire's Snort IDS and Tenable's Nessus vulnerability-management scanner are well-known examples.

A consistent trend in security products has been the creation of appliances, packaging familiar open source basics, such as Linux, Apache and MySQL, as a base, then adding a combination of open source security tools and value-added software for management to make a complete product. Most of the packaged security appliances for everything from firewalls to security information management are built on the same BSD Unix and Linux distributions as the application servers you build yourself.

< Return to main story: Armed with open source>

Join the discussion
Be the first to comment on this article. Our Commenting Policies