Mike Miller, director of security at Media General, is a big fan of open-source tools, particularly for use in security. "I joke that it's because I'm cheap," he says. "But the fact is, there are solid open-source security products that have been around a long time."
The independent, publicly owned communications company in Richmond, Va., migrated to Red Hat Linux several years ago, and it uses a variety of open-source security tools, including the Nessus vulnerability scanner and Snort intrusion-detection software.
But there's a catch: Whereas users can receive training from Red Hat and even become certified in Linux, they're on their own when it comes to the security applications. "It's more a matter of getting to know the application, using it and researching it on the Web," Miller says. He tends to hire internally for his team, and so far all of his people have had to learn on the job. While the basics come pretty quickly, Miller says, the tools are more difficult to master than their commercial counterparts, and it might take a year to become really comfortable with some of them.