Is open source nimble enough?

Summary: Open source will need a much bigger market share before the open source process can fill fast-changing niches faster than proprietary solutions.

TOPICS: Open Source

Yesterday I asked (somewhat facetiously) whether open source security was going to become proprietary, because IBM had some of the best scaled solutions out there.

I got some great feedback. BOFH noted Xen, the virtual machine monitor project, cfengine for change management and the Naginator management tool, among other things. (See his entire post for the full list -- it's great.)

But then Ben Kwiecinski called from Belgium.

Kwiecinski, an ex-pat from Wisconsin who has been in Brussels 10 years, works at Antamis, a consultancy that has recently begun distributing nSense, a proprietary product which offers sophisticated reports on security scans through its Karhu module.

"Auditing firms can make great use of it to cut down on their manual work in application auditing," he said. "A lot of places use open source tools for scanning applications and hardware infrastructure, but there’s nothing like this in terms of application scanning and penetration testing." He said it's much better than Watchfire's AppScan or Kavado's Scando. (I can't answer that -- if you have experience with these products please let us know in TalkBack.)

Open source change or patch management is especially weak, Kwiecinski feels, and proprietary companies are rushing to fill the void. "While open source is great for the users, and they take changes when warranted, I find with mature software changes come quickly, at least on par with proprietary applications," he said. One such company is Novell, which recently acquired Immunix, makers of AppArmor, a Linux-based security system.

With Linux solutions changing as rapidly as any others, change management is vital to the open source enterprise, and that is more likely to come from the commercial side than the shared side of the street, Kwiecinski feels. Open source will need a much bigger market share before the open source process can fill fast-changing niches faster than proprietary solutions.

But what do you think? How quickly can open source projects react? Are we really nimble enough? Let us know what you think in TalkBack.

  • Hit bait

    "Open source change or patch management is especially weak, Kwiecinski feels"

    The very recent 2 day turnaround exhibited by Mozilla for the Firefox browser is "weak"? What does that imply for the software behemoths who take up to 6 months? Or, who simply leave flaws unpatched until such time as enough end users have taken a hit from an exploit?

    Seems like this article is just another inflammatory hit-magnet. And yes, it worked ... this time ...
    • You mean 2 days for Firefox is not as good as 2 months for Microsoft?

      How Mis-informed M$hill story, Batman!

      (in other words, I agree with you 100%)
    • Source patch turnaround is fine

      Binary patching is a weak point for Firefox, and normal users do not consider a program patched until they can download and install a binary. Initially it took a LOOOONG time for Firefox's first source patches to be incorporated and then distributed into an official binary release. The turnaround for this last one was much better, but they need to prove they can continue the trend.

      Also there's more to patching than turnaround time. The ease of upgrading becomes a factor as well, plus notifications of newly released patches. Again, Firefox started out of the gate poorly but has gotten better, but there is still room for improvement in their patching system.
      Michael Kelly
      • Source patching only works

        when the people using the product are technically skilled enough to recompile the program. Okay for geeks but not acceptable for the consumer market.
    • It was just a quote

      I offered a quote from a source, and didn't state how I felt about it.

      And the subject was enterprise patching, not consumer product patching.

      But you're certainly entitled to your opinion, and I do appreciate your offering the support to my browser of choice.
  • Billy be nimble, Billy be quick..

    Billy pays off ZDNet lickety-split..
    • Did you..

      ...even read the article?
      • Nah.. too busy bashing the evil Microsoft.

        fight the evil.
  • Share holders whine

    Seems that this is really about Software Giant investment capital. Open source gets in the way of monopolizing. Let's remember that open source people are smart people and not backwoods moonshiners.
    • We're talking about the enterprise market

      The enterprise market consists of very large installations, for whom security is becoming a full-time profession.

      And these folks have yet to find open source patch management tools that scale.

      At least this is the case with those I've talked to for this blog.

      Anyone else want to drop me a private note and request to be interviewed?