According to new research from the Aberdeen Group, open source software, commonly used in many versions of Linux, Unix, and network routing equipment, is now the major source of elevated security vulnerabilities for IT buyers.
Security advisories for open source and Linux software accounted for 16 out of the 29 security advisories – about one of every two advisories – published for the first 10 months of 2002 by Cert (www.cert.org, Computer Emergency Response Team).
Keeping pace with Linux and open source software are traditional Unix-based software products, which have been affected by 16 of the 29 – about half of all – advisories to date during 2002. During this same time, vulnerabilities affecting Microsoft products numbered seven, or about one in four of all advisories.
Cert’s data contradicts some myths that are common among pundits and the press.
Contrary to popular perception, Microsoft does not have the worst track record when it comes to security vulnerabilities. Also contrary to popular wisdom, Unix- and Linux-based systems are just as vulnerable to viruses, Trojan horses, and worms.
Furthermore, Apple’s products are just as vulnerable now that it is fielding an operating system with embedded Internet protocols and Unix utilities.
Lastly, the incorporation of open source software in routers, Web server software, firewalls, databases, Internet chat software, and security software is turning most Internet-aware computing devices and applications into possible carriers of infection.