Tories ignoring open-source security risk
Opposition party has got it all wrong, says Fortify.
By John E Dunn | Techworld | Published: 13:01, 05 February 2009
The British Conservative Party was wrong to slate the UK Government for its approach to open source, and US outfit Fortify Software has come up with research to prove it. The bottom line: open source is just too risky anyway.
According to Fortify, comments made by Tory shadow Chancellor George Osborne on the Government's alleged failure to embrace open source, ignore the hidden problems underlying its model of software creation.
"Our own research, however, has concluded that open source software exposes users to significant and unnecessary business risk, as the security is often overlooked, making users more vulnerable to security breaches," said Fortify vice president, Richard Kirk.
"That's not to say that commercial software isn't without risks, but any flaws on commercial applications tend to get patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open source programmer," he claimed.
The company points to its own research, released last July, to back up its contention that open source development can be of patchy quality in terms of security, lacking in commercial-grade software change control. The end result can be an increased risk of security holes, and tardiness in dealing with them when they are discovered.
"It's therefore highly questionable whether the Conservative Party has thought this issue through before criticising the current Government for failing to support open source," opines Kirk, contentiously.
"The Government shouldn't just consider OS because it significantly reduces costs, especially after their recent history of data breaches, they have to be able to guarantee that it is robust from a security stand-point too," he concludes.
Kirk's comments contrast with the scathing analysis of government policy failure alleged by Osborne in his party's most recent release on the topic from this week. This followed a Conservative-sponsored report by Mark Thompson of Cambridge University, which spotted numerous flaws in IT policy.
"Government needs to stop thinking that when it comes to procuring IT systems, big is always beautiful," writes Osborne. "We need to move in the direction of what are known as 'open standards' - in effect, creating a common language for government IT. This technical change is crucial because it allows different types of software and systems to work side by side in government."
"The UK government is falling far behind. Too much taxpayers' money is being wasted as a result of flawed procurement, risk-adverse bureaucracy and a lack of incentives for cutting costs," he was reported as saying in a separate statement.
This is only the latest installment in the Conservatives' long-running feud with the Government over open source. Two years ago, Osborne put much the same charge in a speech that lambasted the Government over financial failure of some high-profile IT projects. Embracing open source would require a cultural change to take place at the heart of government, he said.