Security and Open Source: A Delicate Mix Requires a Deft Hand

July 5, 2011

I recall reading a very unusual write-up with a “learning” hook. The story was “The 10 Worst Cloud Outages (and What We can Learn from Them).” The article makes lemonade from the Amazon faults, which is a combination of homegrown, open source, and commercial software. The lemonade bucket is full because the same recipe is used for cloud outages at Microsoft Sidekick, Google’s Gmail (with no reference to the Blogger.com crash during this year’s Inside Search conference which focused on cloud stuff), Microsoft’s Hotmail issues, Intuit’s flubs, Microsoft’s business productivity online standard suite stumbles, Salesforce.com’s outage, Terremark’s troubles, PayPal’s hiccups, and Rackspace’s wobblies.

What the article taught me was that this cloud stuff is pretty difficult even for folks with deep pockets, lots of engineers, and oodles of customers who swallow the pitch hook, line, and sinker.

My hope is that US government funding of research into the use of open source software for security applications can route around cloud dependencies. “DHS, Georgia Tech Seek to Improve Security with Open Source Tools.” The article said:

Although parts of the government, such as the Defense Department, have embraced open-source software for a variety of applications, many agencies still view it as suspect. As a resource, Davis hopes HOST will help to dispel the “hippie in the basement” view of open-source programs — that it’s cobbled together by enthusiasts rather than teams of professional programmers. The advantage of open-source software is that users can vet the source code themselves to make an application more secure. “Having something in a cellophane wrapped box doesn’t make it safer,” he said.

A combination of cloud technology and open source might prove the undoing of a well-conceived program based on open source technology. Intertwining the cloud and open source tools for security might create an interesting and difficult-to-troubleshoot situation. Let’s hope the approach delivers lemonade with just the right amount of sugar, not a sour concoction.

Stephen E Arnold, July 5, 2011

From the leader in next-generation analysis of search and content processing, Beyond Search.
