Those responsible for enterprise security are increasingly turning to open-source applications in lieu of security products based on proprietary code – and for many good reasons. “Where open-source tools have an advantage in an enterprise is in their timeliness,” said cryptography guru Ed Moyle of Security Curve.
“Since no budget has to be allocated to deploy an open-source tool, it can often hit the ground faster than a commercial counterpart.” On the other hand, there is the question of accountability, Moyle noted. “Since there is no commercial entity overseeing a tool, on whom can the enterprise place pressure for added features or support?” According to most security professionals, a top-tier, open-source security tool must have sufficient history to allow a practitioner to use it with confidence. And it must have a sufficiently large developer base to ensure that fixes will be available in light of discovered vulnerabilities.
Also, it must have a reasonably large user base so that support questions will already have been answered in a public forum. But there are many tools that meet these requirements and are in fact deployed at many large companies.