Scanner Spots Open Source Installations
Mike writes "Information security firm OpenLogic has begun letting users download 'Discovery,' an application that scans Windows, Linux, and Solaris machines and attempts to identify open source software. The Discovery application claims to identify more than 5,000 versions of the top 900 open source packages. The scanning engine is able to detect open source installations whether they were installed explicitly or bundled with other software products. Kim Weins, vice president of marketing, says 'We developed it in response to customers not knowing what open source programs they were using.' I can't help but think that this is a move to slyly demonize FOSS by scaring businesses into thinking they don't know what's on their PCs."
You know, the interesting thing is, so many people are trolling this, but if you are, you must have never been through VC funding.
I had to make a list of /ALL/ open source software used ANYWHERE in the company. Yeah. Sounds like fun, right? It sure was. Either way, this app could've made my life a lot easier. :(. Too bad I see it NOW!
Jay | http://oldos.org
I work for a major security firm.
All of our stuff is designed to run on 2k, 2k3, and Redhat, which as you are aware is essentially no different from Fedora (well, strictly speaking, it's no different from CENTOS) except that you buy support for it. That support is important. Large companies who pay $100m for a contract do not want to hear you say "I'll have this issue remedied just as soon as someone replies to my post on FedoraForums.org."
I happen to think that, for instance, Sourcefire has a superior IDS solution to ours. I know a lot of competent guys with that company. I like those guys. So without any malice I can tell you that when we had a bake-off with them, the deciding factor was that we knew how to deploy and manage a thousand-node sensor grid and they had not clue one.
I say this just to illustrate that, for large corporate environments, it doesn't matter that FOSS solutions are "better." A lot of them are great, and I can think of plenty of situations where some Ubuntu workstations running OOo would suffice over Vista Business and Office 2007...except then you know down the road that company is going to want something out of left field, like encrypted home directories or , only, none of the techs they can afford know anything about setting it up. But they know that 5 years from now if they want some weird solution, probably one of the big vendors will be around to sell it to them, along with a consultant to walk the Remedy monkeys through troubleshooting it.
I do not think that most of the people cheerleading for FOSS appreciate this. They just know that $DISTRO is neat, so obviously everyone who doesn't agree that it's perfect for a 10,000 seat enterprise network must be an "idiot." Le sigh!