Security Concerns in Using Open Source Software for Enterprise Requirements
Not recorded
Abstract
Information security is the biggest challenge for network and security administrators. The security of a given network depends heavily on the software used and the administrative practices followed for operating systems, perimeter security, antivirus protection, intrusion detection, software development, systems and network monitoring, corporate mail, office productivity and so on. The rapid growth of the Internet has resulted in several open source development communities. The collaborative effort of these communities has made it possible to have open source alternatives for almost all proprietary (also known as closed source) software. This paper highlights the security concerns of end users in considering open source software for their enterprise requirements. It also highlights the risks pertaining to open source software and recommends guidelines by which these risks can be mitigated. These guidelines would help an end user to thoroughly evaluate open source software before it is considered for mission-critical functions.

Open source software

The terms “Open Source” and “Open Source Software” refer to software whose source code is available to the public and which can be used, modified and redistributed along with the original rights, as defined by the Open Source Initiative (OSI) [1]. These two terms are used interchangeably in the rest of this document. Such software is always distributed under a license which allows the user to use it the way he wants, either customizing it for his specific needs or designing a commercial solution based on it. The GNU General Public License (GPL) is the most commonly used license for this purpose. Derived solutions based on open source software should be distributed along with the source code, and the recipient should get the same rights with which the original source is distributed.

The term “open source software” is sometimes misused to refer to software whose source code is available but whose usage, modification and redistribution are restricted. Most universities, educational institutions and non-profit organizations use open source software. Many enterprises also use open source software, but most of them do not disclose this information for various political and security reasons. Open source software is in fact so ubiquitous that the running gears of the Internet, such as mail transports and web servers, mostly run on open source software.

[1] “The Open Source Definition.” URL: http://www.opensource.org/docs/definition.php
Similar resources
MDSE@R: Model-Driven Security Engineering at Runtime
New security threats arise frequently and impact on enterprise software security requirements. However, most existing security engineering approaches focus on capturing and enforcing security requirements at design time. Many do not address how a system should be adapted to cope with new unanticipated security requirements that arise at runtime. We describe a new approach Model Driven Security ...
Accommodating Openness Requirements in Software Platforms: A Goal-Oriented Approach
Open innovation is becoming an important strategy in software development. Following this strategy, software companies are increasingly opening up their platforms to third-party products. However, opening up software platforms to third-party applications raises serious concerns about critical quality requirements, such as security, performance, privacy and proprietary ownership. Adopting approp...
Modeling and Analyzing Openness Trade-Offs in Software Platforms: A Goal-Oriented Approach
[Context and motivation] Open innovation is becoming an important strategy in software development. Following this strategy, software companies are increasingly opening up their platforms to third-party products for extension and completion. [Question / problem] Opening up software platforms to third-party applications often involves difficult trade-offs between openness requirements and critica...
Security Requirements—A Field Study of Current Practice
The number of security flaws in software is a costly problem. In 2004 more than ten new security vulnerabilities were found in commercial and open source software every day. More accurate and consistent security requirements could be a driving force towards more secure software. In a field study of eleven software projects including e-business, health care and military applications we have docu...
Open Source Security Analysis - Evaluating Security of Open Source vs. Closed Source Operating Systems
Open source software is becoming a major trend in the software industry. Operating systems (OS), Internet servers and several other software applications are available under these licensing conditions. This article assesses the security of open source technology, namely the Linux OS. Since a growing number of critical enterprise information systems are starting to use Linux OS, this evaluation c...