Slashdot Mirror


Fighting Claims That Open Source Is Insecure?

Lumpy asks: "Lately there has been a HUGE push by Certified Microsoft Professionals and their companies to call clients and warn them of the dangers of open source. This week I received calls from 4 different customers that they were warned that they are dangerously insecure because they run Open Source Operating systems or Software because 'anyone can read the code and hack you with ease,' they are being told. Other colleagues in the area also have noticed this: about 3 Microsoft Partners, or so they claim, have been going out of their way to strike fear of OSS in companies that respond with 'yes we use Open source or Linux' when the sales call comes in. I know this is simply a sales tactic by these companies that will remain nameless, but how do I fix the damage caused by these sales tactics? I have several customers that now want more than my word about the security of the systems that have worked for them flawlessly for over 5-6 years now with minimal expense outside of upgrades and patching for security. Does anyone have a good plan or sources of reliable information that can be used to inform the customer?"

4 of 84 comments

  1. Open source use by pubjames · Score: 4, Informative

    I think one of the most powerful ways to demonstrate open source is to show people how much they are using without even knowing it.

    On a couple of occasions I've spoken to IT people who have said things like "we'd never touch open source because..." and then I've been able to point out multiple ways they use it without realising it. If they use Google, if they use email, if they use many websites, then they're using open source software. Many bits of hardware contain open source code (wifi boxes for instance). Many companies are using Apache for their web sites without realising it.

    Another good argument is just to spout off a list of Fortune 500 companies who use open source to run their websites. "It's secure enough for IBM, but not secure enough for you?" is the type of argument that's difficult to counter. Very often they just don't know much about it.

    The problem you have to fight in people who say things like "open source is insecure" is their ignorance.

  2. Security through obscurity is no security at all by TheWoozle · Score: 4, Interesting

    Ask your customer a simple question in reply:

    Does the fact that closed source software hides its defects mean that it doesn't have any defects?

    Or, how about the really important one:

    Would you rather be at the mercy of your vendors to disclose (against their own self-interest) and fix security issues (on their own timetable); or would you rather have a multitude of people, who are dedicated to the values of openness and transparency, constantly striving to keep open source software as secure as possible?

    --
    Insisting on "correct" English is like saying that there is only one, definitive recipe for chili.
  3. Even simpler... by rbochan · Score: 4, Informative

    One word:
    botnets

    Then you can explain how it's actually the closed source OS that is the most damaging.
    Hell, just show them some apache logs that are still constantly being hit by things like IIS servers still infected with Sasser, years after it should have been eradicated.

    --
    ...Rob
    The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
  4. Re:Microsoft sales reps are ruthless. by NullProg · Score: 4, Informative

    To follow up my own post.

    Microsoft wants you to run OSS on their stuff. Point your clients to this site:

    http://www.microsoft.com/presspass/features/2005/aug05/08-10OpenSourceLab.mspx

    Enjoy,

    --
    It's just the normal noises in here.