Government Technology

Open Source Special Report: Separating Fact From Fiction

May 5, 2006 Sponsored by Novell

Like any other revolutionary technology, open source carries with it a number of myths and underaccepted truths. Separating open source fact from fiction can mean dramatically enhanced services and millions in cost savings.

For governments of all sizes and at all levels, debunking the myths of open source and realizing the benefits of this revolutionary approach may be vital in the age of always-on e-government. Understanding what open source can do for government is imperative to agencies and organizations that wish to do more than merely exist as a budgetary expense. Here are the facts about open source:

Fact: Open source is secure.
A common response to the question of why open source technology is less vulnerable to security breaches is that the leading proprietary software is used more widely than open source software, such as Linux*. The logic goes that open source is such a small target when compared to proprietary technology that would-be attackers simply don't bother trying to break into open source systems.

However, according to a study conducted by NetCraft -- an Internet data research and analysis group -- 47 of the top 50 Web sites run on Apache, preeminent Web-server technology that happens to be open source.

If hackers based their attacks solely on which technology is most widely used, there should be a huge number of worms, viruses and the like infecting Apache Web servers. But Apache servers demonstrate the longest uptimes by a considerable margin compared to proprietary-technology-based servers -- one Web site NetCraft notes is approaching 1,800 days of uptime.

The simple truth is that there are far fewer attacks on open source systems because they are more secure, thanks in large part to the vast number of users examining code and the rapidity with which patches are made available for breaches.

Fact: There is strength in numbers.
It seems counterintuitive that easily obtainable source code would be more secure but, in fact, it is. Because so many people can -- and do -- look at the source code, open source is a more secure technology. Open source software does not rely on a small -- or even a large -- department within a corporation to provide patches to vulnerabilities.

Open source relies on thousands of programmers from different backgrounds to combat malicious elements.
Since open source code can be altered by the user, open source software can be designed to specifically suit an agency's needs. System administrators can monitor who accesses source code and what they do with it. With so many eyes looking at the source code, vulnerabilities are identified and patches are created and distributed much more quickly than is done with proprietary software.

But what truly makes open source more secure is its modular design. For example, when a graphics program is running on Linux, the software has access only to directly related applications, files and directories -- not to the entire operating system. That way, if a viral image is loaded into the graphics program, the virus can affect only the immediate files running the program; it cannot travel to the rest of the system.

On the other hand, proprietary systems like Windows* grant users (or hackers) access to every file on the system, regardless of what program is being used to access them. Thus, opening an infected image file in Microsoft* Paint can easily damage the entire operating system -- or spread to the network.

Fact: Open source systems are widespread.
Open source already runs a significant number of mission-critical systems. In state government, 47 of the 50 states currently run open source technology like SUSE® Linux. Some states, such as Massachusetts, are moving toward exclusive use of open source technology in their operations. Moreover, large federal government organizations, such as
