Open-source dilemma in the U.K.?

Today's big tech news in the United Kingdom is a self-serving prognostication that once again states that "open source is less secure" than proprietary software.

This comes from a U.S. company called Fortify, whose business it is to search for code flaws. Citing its own research, Fortify suggests that open source as a whole is inherently less secure and therefore, the U.K. government shouldn't use open source. However, it fails to note that many open-source projects have commercial companies behind them, which effectively puts the software on equal footing.

"That's not to say that commercial software isn't without risks, but any flaws on commercial applications tend to get patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open-source programmer," Fortify Vice President Richard Kirk claimed.

The statements from Fortify also neglect to mention that it tested a limited number of open-source Java software or that it has been a Microsoft partner. But we'll ignore that and assume that it's a marketing exercise to freak out Europeans.

In the past, I've found Europe to be challenging to monetize, but not because of security issues. Open-source adoption in Europe is huge--especially in the United Kingdom, but the term has really meant "free" for most of the continent.

The U.K. and European Union parliaments are heavy users of open-source software, and I have yet to hear that any government branch or enterprise is adopting open source less. The reality is that open source has corrupted the market for big vendors and is slowly, but surely, delving into every area of system and application infrastructure.

As fellow CNET Blog Network writer Matt Asay noted on Thursday, some organizations are mandating open source. I'm not convinced that mandates are the right answer, but it's clear that IT buyers are fed up with exorbitant licensing costs. And you have to marvel at the fact that open source has become so mainstream that government officials are publicly fighting about it.

You can also check out Glyn Moody's take on this story.

[aMUSICsite]

The UK gov has a long relationship with MS and also a proven track record of wasting our tax money. Looks like neither has changed.

[BMDMG]

Security of software is not somehow magically related to whether it was close-source, open-source, or out-source. It is directly related to the process put in place to design, develop, deploy, and maintain. Making sure that security is considered throughout. Open source projects are certainly no better or worse (in general) to any other kind of application in this. If the process breaks down anywhere along that axis it doesn?t matter who developed the code there, will be risks involved. There are advantages and disadvantages to all kinds of applications but that really depends on the maturity of the application, development company etc. Making a generalized statement about lack of security in open source code is faulty and places blame in the wrong direction. -- Ryan Berg