Dependent And Source Independent Security

Introduction

Technology has become an integral part of the organizations in the present times. There are several technical tools and software that have been launched in the market and are being used by the business units in all the parts of the globe. There are several methods through which these tools and software can be acquired. One of such methods is the use and implementation of open source software (OSS). There are several advantages of such software, such as no involvement of costs, immediate access, easy implementation etc[1].

However, there are also certain drawbacks and issues that the management needs to overcome with the use of open source software. The report discusses these issues from the perspective of the management and also covers the issues that may come up during the transition phase. A comparison between open source software and proprietary software has also been included in the report.

Management suffers from a number of issues in adopting open source software. Some of these issues have been listed and explained below.

There are a number of application platforms that are not compatible with the open source software. The management may face issues in terms of testing and launch of such software in the organization as an outcome of the compatibility issues. A detailed compatibility analysis along with the study of a large number of application platforms is required to be done to come up with an option that fulfills the compatibility criteria of the OSS.

Pre-release review of a software is essential as it highlights the bugs and the areas of improvement in the software. The review of pre-release version of the open source software is difficult as the users know that the software will be available for free of cost at the time of the final release as well. This makes it difficult to attract the users to invest their time in the review of the pre-release version. It becomes necessary for the management to develop a marketing strategy in advance so that the market anticipation can be set up well among the users.

There are numerous legal issues that may emerge in association with the open source software that are required to be handled by the management.

• Licenses that are associated with the open source software are in different forms. There are different terms and conditions that are included under all of these license types. For most of the licenses, it becomes necessary to disclose the source code[2].

Licenses Used for OSS

• There is a usage restriction that is applied on the software for the users who make use of the modified copies.
• Risk minimization may also come up as a legal issues especially for the users in the categories of software vendors and software developers.

One of the most common forms of issues that are associated with Open Source Software are the security issues.

The source code of the software becomes available to all which makes it possible for the malevolent entities to exploit the same by using methods, such as hacking and virus attacks.

For instance, the organization is thinking over the usage and implementation of MySQL software as the database tool. There is a critical MySQL vulnerability that recently had an impact on almost every version of the software[3]. There were malware codes that were injected in the configuration files of the software that allowed the attackers to gain entry to the server on which the database system was running.

There is another attack that is being successfully attempted by the attackers which is called the Drown attack. This is the security vulnerability that has an adverse impact on HTTPS and other services that are associated with Secure Socket Layer (SSL). The encryption mechanisms that are applied on the files are broken down by the Drown attack along with other security protocols[4].

In case of occurrence of any of these or other forms of security attacks, there is a lot of damage that is done to the open source software along with the information sets that are associated with the organization. It, therefore becomes the accountability and responsibility of the management to develop and implement the measures to avoid such security issues.

Most of the open source software come with poor documentation which makes it difficult to understand the features and functionalities of the software.

Due to the lack of proper documentation, it becomes necessary for the management to provide additional trainings for the employees to make them understand the features of the software. There is an additional cost and effort that is spent in this activity.

Issues in the Transition Process

The transition process in the adoption of an open source software for an organization includes a lot many steps and stages.

There are certain pre-requisites that must be completed before the initiation of the transition process. The first and the foremost step shall be the planning and analysis activities that must be completed. There shall be an implementation plan that must be set up in advance by the management which shall be followed during the process of transition. It would also be required to ensure that the compatibility analysis of the software with the application platforms implemented in the organization is carried out in advance and there are positive results achieved in the same.

Feasibility studies on the parameters of technical, operational and financial feasibility must also be done so that management has a complete account of the success of the process. The assessment of the risk areas and their treatment procedures must also be made.

The transition shall begin after the completion of the above steps. The transition approach must be a phased approach rather than Big Bang Implementation of the software. This is because of the reason that the success rate will be higher with such an approach.

There can be a number of issues that may come up during the transition process which have been listed below.

• Adopting and making a transition to the open source software will introduce numerous changes for the organizations and its members of the staff. These changes may become difficult to deal in case of absence of a change management plan. The changes may also have a negative implication on the productivity of the employees which may bring down the reputation of the organization[5].
• The existing set of processes and methods may be affected by the transition process in association with the open source software. It is because of the reason that the other technical tools will be required to be integrated with this software which may bring down the working of the other tools.
• During the initial stages of transition, there may be many security vulnerabilities that may be created. These security vulnerabilities and loopholes may be used by the malevolent entities to give shape to the security risks and attacks. In this manner, the organizational information sets and applications may be put at risk.
• The customers prefer the business units and organizations that have a smooth functioning and the ones that are always available. However, in the case of transition process associated with the open source software, the availability and smooth functioning of the business may get impacted in a negative manner.

These transition issues can have some of the extremely severe impacts and it may become difficult for the management to deal with the same.

Comparison between OSS & Proprietary Software

There are set of pros and cons that are associated with OSS as well as proprietary software. Open source software offers many benefits to the business organizations and users. The primary benefit is in the form of the costs as these come for free of cost. There are also additional benefits offered in the form of flexible solution, no single point of failure, no vendor lock-in etc.

Conclusion

The choice of open source software shall be based upon the organizational needs. The start-up and small scale units can go for this form of software as it comes for free of cost. These software packages can also be acquired by the business units that do not wish to put complete ownership of the software on the vendor.

Annotated Bibliography

Aviram, N, & S Schinze, "DROWN: Breaking TLS using SSLv2.". in , , 2016, <https://drownattack.com/drown-attack-paper.pdf> [accessed 27 October 2017].

Aviram and Schinzel have covered the details of the DROWN attack in their article. The meaning and background of the attack along with its mechanism has been covered. There is good use of figures and tables done in the article to support the information that is covered. The authors could have also added the details on the case studies in the form of victims that have been affected by this attack.

Clarke, R, & D Dorwin, "Is Open Source Software More Secure?.". in , , 2015, <https://courses.cs.washington.edu/courses/csep590/05au/whitepaper_turnin/oss(10).pdf> [accessed 27 October 2017].

The authors, Clarke and Dorwin, have covered the security issues that are associated with OSS. Source dependent and source independent security vulnerabilities have been explained by the authors along with the analysis of the security tools and socioeconomic factors. The authors could have made use of the case studies to further strengthen their information and details covered in the article.

Fontana, R, B Kuhn, E Moglen, M Norwood, D Ravicher, & K Sandler et al., "A Legal Issues Primer for Open Source and Free Software Projects.". in , , 2008, <https://www.softwarefreedom.org/resources/2008/foss-primer.pdf> [accessed 27 October 2017].

Richard and fellow authors have covered the several legal issues that are associated with the open source software. The set of issues that have been covered include the licensing issues, copyright enforcement issues, and patent and trademark issues along with many other organizational issues in the legal framework. There is no use of graphics in the article which could have been included.

Pankaja, N, & M Raj, "Proprietary software versus Open Source Software for Education.". in , , 2013, <https://www.ajer.org/papers/v2(7)/O027124130.pdf> [accessed 27 October 2017].

Pankaja and Raj have covered the comparison between proprietary and open source software in the article. Definition of both of these software types and other models has been covered with the details on the comparison on the basis of different parameters. The authors could have further strengthened the information by making use of graphics.

Scacchi, W, & T Alspaugh, "Issues in Development and Maintenance of Open Architecture Software Systems.". in , , 2017, <https://www.ics.uci.edu/~wscacchi/Papers/New/Scacchi-Alspaugh-Crosstalk-2017.pdf> [accessed 27 October 2017].

Scacchi and Alspaugh have included the information on the various developmental, maintenance and transition issues that are associated with OSS. The authors have classified the issues on the basis of the issue type and possible impact. There could have been good use of the case studies and examples in the article.

Singh, A, R Bansal, & N Jha, "Open Source Software vs Proprietary Software.". in , , 2015, <https://pdfs.semanticscholar.org/48b7/64286fde00991c9b8ffc2b88ee8a6c7207b3.pdf> [accessed 27 October 2017].

Amandeep Singh and fellow authors have described the comparison between OSS and proprietary software in the article. There is an explanation of both of these software types covered in the article along with the comparison on the basis of costs, flexibility, security, reliability and other parameters. These is a good use of table to strengthen the information which could have been further enhanced by the use of real-life scenarios.

Smith, A, K Niemeyer, D Katz, L Barba, G Githinji, & M Gymrek et al., "Journal of Open Source Software (JOSS): design and first-year review.". in org, , 2017, <https://arxiv.org/abs/1707.02264> [accessed 27 October 2017].