Regular CBR readers will remember the fuss on these pages towards the end of last year over open source versus proprietary, when Dr Jim Goodnight, CEO of BI giant SAS Institute, said open source BI wasn’t causing much of a stir in his world because of the perceived lack of testing that goes in to the software.
Apple’s iPhone 4: more secure?
"We haven’t noticed [open source BI] a lot," he told us. "Most of our companies need industrial-strength software that has been tested, put through every possible scenario or failure to make sure everything works correctly. That’s what you’re getting from software companies like us."
The open source community wasn’t too happy. Yves de Montcheuil, VP of marketing at French data integration firm Talend told us Goodnight’s comments were, "PR bullshit. One of the specific advantages of open source is that we have a wide community who help us test the software and add improvements."
Now Talend has turned its attention to security firm Trend Micro, and more specifically its chairman Steve Chang, after he suggested to Bloomberg that Apple’s iPhone is much more secure than Google’s Android platform, because of its proprietary nature.
HTC Desire running Android: less secure?
"Android is open-source, which means the hacker can also understand the underlying architecture and source code," he told Bloomberg. He added that credit had to be given to Apple because it’s "impossible for certain types of viruses" to run on the device.
"Apple has a sandbox concept that isolates the platform, which prevents certain viruses that want to replicate themselves or decompose and recompose to avoid virus scanners," he added.
Time for the open source community to defend itself, again…
"Open source products have been clearly demonstrating that they are on par with proprietary software, and this includes the security element," said Bertrand Diard, co-founder and CEO of Talend. "There is absolutely no reason why open source should not be considered amongst all software solutions."
Bertrand Diard, Talend CEO
So what about Chang’s assertion that the nature of open source means it’s easier for a cybercriminal to examine and understand the underlying source code? Does that mean it is less secure than proprietary? Nope, says Diard.
"By nature open source products enable people to access its source code and provides greater flexibility than proprietary software, and they are substantially more cost effective than proprietary software," he said. "Are they less secure? No, it’s actually the opposite. Because open source gets many third party developers to review code, vulnerabilities are actually identified sooner than in closed, proprietary systems. And project ‘owners’, who select which code makes it or does not make it into the product, take very seriously their vouching responsibility."
It’s not really that surprising that Chang has turned his attention to open source security – his company recently launched a new product that deals with Android security, after all. Trend also of course has products that protect Macs, both consumer and corporate.
Taking on the open source community is always a dangerous game to play. It’ll be interesting to see how this one pans out.