In our conversations, we spoke to Sam Lamonica, CIO of Rudolph and Sletten Construction, a general building contractor based in Redwood, California; Philipp Huber, CTO/COO of XCalibre Communications, a hosting firm located in the UK; Clyde Williams, Infrastructure Systems Manager for Southeast Alabama Medical Center, a hospital located in Dothan, Alabama; and Walt Cornelison, Director of Information Technology for Tropitone Furniture, a manufacturer of high-end outdoor furniture located in Irvine, California. Here’s how our conversation went:
Linuxworld.com: From your perspective how great of a concern has security been, and how great of a concern is it at present, in an open source environment for you?
Sam Lamonica, CIO of Rudolph and Sletten Construction: From experience, we are not concerned about open source in our environment any more or less than the proprietary software we utilize. For example, we've been using GroundWork Monitor Professional—an open source systems and network monitoring and management solution—since 2005, and we have yet to experience any security breaches related to it because it’s open source.
Philipp Huber, CTO/COO, XCalibre Communications: [A] major concern. We are often asked by our customers how we can ensure that data security is guaranteed.
Clyde Williams, Infrastructure Systems Manager, Southeast Alabama Medical Center: From my perspective, and in my own opinion, open source software has enjoyed security through lack of widespread adoption. When the market share of any single open source application gets large enough, it will become a target for exploitation.
Walt Cornelison, Director of Information Technology, Tropitone Furniture: Security is always a concern. I have to balance security with an ability to operate and function. I find security to be less of a concern on the Linux side. I'm pretty confident on that side of our business. We have to balance operations performance, [with] user need and security. Security cannot be so obtrusive that we cannot operate.
Linuxworld.com: What could enhanced security mean for the open source and Linux community?
Sam Lamonica: From a perception perspective, enhanced security means more peace of mind for the open source and Linux community. But in reality, all software is vulnerable at some level to attack, and the idea that open source and Linux are more susceptible because they are open is flawed. I think Mark Stone's O'Reilly blog on the subject from way back in 2004 still holds true:
"Too often people assume that secrecy equals security. Nothing could be further from the truth... Open Source software is based on a similar notion of security. Hiding source code is a bad way to assume you'll achieve security, because even a powerful and highly proprietary company can't guarantee that source code won't leak out. Instead, security should be based on a worst-case scenario: assume your 'adversary' has access to the source code."
Philipp Huber: It would mean that we could start convincing high-level customers (i.e. financial institutions) to use cloud services that are based on components they trust.