Security Concerns Hinder Open Source Use

Informal survey highlights misperceptions inhibiting open-source growth

Results of a new poll from open-source software vendor Palamida released this week show that although 73.1 percent of organizations “expect their IT budget to decrease either moderately or significantly in 2009 ... only 45 percent view open source as a likely solution to the upcoming budget gap.” The biggest impediment to IT’s wider embrace of open source is echoed by half of respondents, who say they fear security problems. Other concerns include support costs and risks of violating intellectual property.

Conducted in November, the poll received 177 responses from senior IT, engineering, and security staff evenly distributed among “financial services, insurance, technology, consumer goods and services, biotech/pharmaceutical, manufacturing, health care, energy, and government,” the company said in a statement.

Open-source providers face an uphill challenge. More than two in every five responses (43.4 percent) indicated the organization was unlikely to broaden its use of open source, and 11.4 percent say they definitely will not. One third (33.1 percent) are considering it, with another 12 percent saying they absolutely will use more.

Open source software functionality and quality were viewed favorably by 62.7 percent of organizations (who say open source software is equal or “almost equal” to commercial products). Top benefits of open source were (in order): cost, flexibility, time savings, and quality. More than three quarters of respondents (78.7 percent) said they thought open source might or definitely would save their organization money in the long run.

“This wasn’t meant as a comprehensive, scientific survey,” vice president of product marketing Theresa Bui Friday told Enterprise Strategies. Rather, it was a way to take the pulse of IT about open source. “Almost a third of our responses came from financial services firms, which isn’t surprising given the pressure they’re under today.”

Mark Tolliver, Palamida’s CEO, said in a statement, “Our experience is that open source communities are typically very responsive to finding and fixing reported security problems -- and that, coupled with a proactive process for open source management via composition analysis, should reduce security concerns.”

Friday said she thought security concerns were an overreaction to “a couple of isolated incidents that made the headlines. All in all, open source software’s reputation is being unfairly impugned.”

Palamida compiled a list of 25 leading open source projects that it says organizations use with confidence to trim their engineering budgets. The list includes what the company calls products that are “among the most reliable, innovative, and enterprise-ready open source projects.” On the list are familiar names (NetBeans, Eclipse, MySQL, and PostgreSQL), as well as Web 2.0 enablers designed for developers, including Prototype, Direct Web Remoting, and jQuery. The full list can be found at http://www.palamida.com/blog

About the Author

James E. Powell is the former editorial director of Enterprise Strategies (esj.com).