Computerworld
Home News Blogs In Depth ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Newsletter Sign-Up

Receive the latest technology news and information.
Open Source
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Response team boosts open-source security

OCERT steps in to help bridge the communications gaps

By Neil McAllister
May 7, 2008 12:00 PM ET
Comments
(1)
Recommended
(180)
Digg
Share/Email



PC World - IT managers often assume that open-source software is more secure than proprietary commercial software. Anyone who uses open source can examine the original code to spot any lurking vulnerabilities, and potentially even fix the vulnerabilities themselves. With proprietary software, you have to trust the vendor to do it all for you.

But open source's supposed security advantage assumes three things: 1) someone is actually looking at the code, 2) security vulnerabilities are getting reported and fixed, and 3) information about those fixes makes its way to Linux distributors and other software vendors, which apply the fixes to their products. But what things aren't happening? As a customer, how can you be sure?

A new initiative aims to help. Founded in March, Open Source Computer Emergency Response Team (oCERT) was specifically created to act as a clearinghouse for security information about all kinds of open-source software.

Say you're a small open-source project -- maybe you only provide a library of code that's used in other larger applications. As a two-person effort, you don't have time to contact everyone who uses your code to let them know about a recent security flaw. That's where oCERT can step in to alert everyone. Similarly, large Linux distributions, which incorporate hundreds or even thousands of different open-source projects' code, can work with oCERT to make sure all the holes get plugged in all the right places.

Open-source users can help the oCERT effort, too, by reporting security incidents. If you're a business that is experiencing a potential software exploit, oCERT can offer reliable security contacts in the open-source community that can help you plan and coordinate your response.

In keeping with open-source tradition (and open-source budgets), oCERT is a volunteer effort, and it provides its services free of charge. The team's operating costs are underwritten by corporate sponsors -- most recently Google Inc., which posted a detailed summary of why this effort is so important to a blog on Monday.

All in all, oCERT sounds like a worthwhile project that will provide a valuable service to the community of open-source vendors and customers. Let's hope it wins enough support to sustain itself for the long run. (That name might be a problem, for starters -- CERT is a trademark of Carnegie Mellon University.)


Reprinted with permission from

For more PC news, visit PCWorld.com.
Story copyright 2009 PC World Communications. All rights reserved.

Comment Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints
Jump to comments

open-source software

Additional Resources

WHITE PAPER
Do You Know the 7 Steps to Successful Data Migration?
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Total Cost of Ownership of Server Computing Vs. PCs
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
IDC White Paper: Linux in a Global Recession
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

1 comments | Add new
See all comments (1) | Add new

White Papers & Webcasts

Open Source Middleware Reference Architecture
A roadmap of open source software capabilities across a diverse set of application requirements.  

Enabling Identity and Security Management with Open Source
Watch this complimentary webcast today!

Open Source Security Myths Dispelled
Download this Complimentary White Paper! Provided by Astaro.  

Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!

The Top 10 Reasons for Choosing Open Source Data Integration
Are you trying to understand your options for data integration? This White Paper presents the top 10 reasons why organizations are choosing open...  

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

Practical Open Source Data Integration Case Studies & Implementation Examples (Vol. 2)
Learn from real-life examples, and from the voice of your peers about the benefits of open source data integration.  

Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!

The Return on Investment of Open Source Data Integration
More than a theoretical report, this ROI Study provides not only hard numbers but also the tools IT organizations need to assess the...  

Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports
Featured Zone
Strategic Content Management
Learn how the right Enterprise Content Management (ECM) solution can start saving you money within a week and pay for itself in as little as three months. These case studies and white papers provide practical information on how to go from theory to reality - to help you put together a plan that will achieve your content management and process automation goals.
Enter the Strategic Content Management Zone now

 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.