How Secure is Open Source Web Software?
June 26th, 2013 By:Tavis J. Hampton
The primary feature of free and open source software is that its code is available for everyone to view. Running such software on the web is inexpensive and may even give you quality results, but is it secure? If anyone can see the source code, does that mean it is easier to exploit? Furthermore, is that security risk even more severe when your software is web-facing and exposed to the public?
The short answer is: well-maintained open source software actually tends to be more secure than proprietary software. The longer answer is a little more complicated.
Many eyes – One advantage of open source software is that many people can contribute to it on a variety of platforms and scenarios, increasing the likelihood that they would find and eradicate any bugs. This, of course, assumes that anyone actually works on the code. It is up to you to determine if the code is actually well-maintained. A project like Apache Hadoop, for example, has both non-profit and corporate backing, as well as many community contributors.
No vendor lock-in – With proprietary software, the user is typically at the mercy of the vendor. Although some vendors may maintain very secure software, there is no guarantee. Theoretically, with open source software, even if your vendor goes under, you can take your software elsewhere, or even maintain it yourself. This means you can always increase its security even if it was initially lacking.
The unknown – Proprietary software’s code is unknown to the public. This means that the software may even be purposefully or unintentionally designed to invade your privacy or compromise your security. With open source software, there are no such secrets.
In general, open source software is secure, but it is no guarantee. Particularly with web-facing applications, you still need to run vulnerability tests and put the normal security safeguards in place. You can, however, at least rest a little easier knowing that your software is well-maintained and reasonably secure.
We have multiple locations for DDoS Mitigation, which allows clients to have lowest latency and prefences as well. Depending on the size and type of the attack, locations can be changed or combined to handle large or complex attacks