A new article has been published in "in-approval".
To sum it up... I don't get it...
You can find the article at I Don’t Get It – "in-approval"
Someone has to be responsible for security vetting every new level/increment/release of the open source software before it is installed, and someone else needs to continuously monitor what OSS is being installed and utilized within the organization and match that with the officially approved list of vetted OSS. This adds costs for OSS and changes the cost/benefit ratio away from using OSS. But this then has to be weighed against the costs of vendor supplied software. So OSS can still be competitive. Any business that is not funding the extra staff and processes needed to properly address the additional security risk impacts of OSS is exposing itself to security vulnerabilities that it may regret. In the business context OSS is not free; anyone who assumes it is a good way to cut costs without fully taking into account the full costs of effectively avoiding security vulnerability risks is making a mistake.
One could argue that Open Source Software is more accountable than closed source software. With OSS, the source is visible for all to see what is being done by the application. With closed source and partially closed source, you don't know what they are hiding, tracking, logging, etc.
Assuming the source equals the executable....
I always enjoy reading your well thought out and well written "in-approval" articles, John.Dueckman. On the topic of open source, a good option, in my view, would be to purchase specific OSS product support from a reputable vendor. This way you'd be able to work with the vendor on OSS product problems/issues similar to the way we do with closed source products.
Ray Quint HSCM Support
Global Technology Services
2 PB Hartford CT 06183
Fair point, Phil, but doesn't that then, in essence, turn the OSS product from being OSS to being a "reputable vendor-supported product"?
I think Brightside is both OSS and supported by Broadcom. There is little difference between how we manage COTS software and OSS anyway.
Yes, it's a good compromise: it's open source but vendor supported at the same time. A company/individual can be very active in the open source community to drive fixes, enhancements, product direction. Many times the vendor that supports the open source product does much of the coding. Having vendor support, I believe, makes your voice heard even more.