Yesterday I asked (somewhat facetiously) whether open source security was going to become proprietary, because IBM had some of the best scaled solutions out there.
I got some great feedback. BOFH noted Xen, the virtual machine monitor project, cfengine for change management and the Naginator management tool, among other things. (See his entire post for the full list -- it's great.)
But then Ben Kwiecinski called from Belgium.
Kwiecinski, an ex-pat from Wisconsin who has been in Brussels 10 years, works at Antamis, a consultancy that has recently begun distributing nSense, a proprietary product which offers sophisticated reports on security scans through its Karhu module.
"Auditing firms can make great use of it to cut down on their manual work in application auditing," he said. "A lot of places use open source tools for scanning applications and hardware infrastructure, but there’s nothing like this in terms of application scanning and penetration testing." He said it's much better Watchfire's AppScan or Kavado's Scando. (I can't answer that -- if you have experience with these products please let us know in TalkBack.)
Open source change or patch management is especially weak, Kwiecinski feels, and proprietary companies are rushing to fill the void. "While open source is great for the users, and they take changes when warranted, I find with mature software changes come quickly, at least on par with proprietary applications," he said. One such company is Novell, which recently acquired Immunix, makers of AppArmor, a Linux-based security system.
With Linux solutions changing as rapidly as any others, change management is vital to the open source enterprise, and that is more likely to come from the commercial side than the shared side of the street, Kwiecinski feels. Open source will need a much bigger market share before the open source process can fill fast-changing niches faster than proprietary solutions.
But what do you think? How quickly can open source projects react? Are we really nimble enough? Let us know what you think in TalkBack.