Fortify says Conservative Party misguided on open source software

February 2009 by Marc Jacob

Fortify Software, the software security assurance specialist, says that the Conservative party is misguided in its criticism of the UK government over its lack of support for open source software.

"The Conservatives have accused the Government of failing to capitalise on open source software, despite reports from government agencies that have recommended its usage," said Richard Kirk, Fortify’s VP and GM of Europe.

"Our own research, however, has concluded that open source software exposes users to significant and unnecessary business risk, as the security is often overlooked, making users more vulnerable to security breaches. That’s not to say that commercial software isn’t without risks, but any flaws on commercial applications tend to get patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open source programmer," he added.

According to Kirk, Fortify’s sponsored report, released last summer, looked at 11 of the most common Java open source packages, scanning them using Fortify SCA, the static analyser seen in its security suite, Fortify 360.

Manual code review, he explained, was also carried out on security-sensitive areas of code. But, the Fortify Vice President says, the boundaries between commercial and open source applications are blurring. Gartner, he explained, has reported that, by 2011, 80 per cent of commercial software will include elements of open source technology (Gartner, The State of Open Source 2008, April 2008), and other research companies have reached the same conclusions.

According to Kirk, whilst open source software appears to be the logical choice over commercial applications in terms of direct costs associated with purchasing a business program, the indirect and less tangible costs can often outweigh the direct cost savings.

"The cost of ruggedising software and generally ensuring that no faux pas will be experienced in the organisation adopting the open source code can end up costing firms a lot more in the longer term. And that’s before you factor in the risk associated with using software that is potentially flawed," he said.

"It’s therefore highly questionable whether the Conservative Party has thought this issue through before criticising the current Government for failing to support open source. There are a lot more issues to account for than the direct costs of migrating from commercial to open source applications. The Government shouldn’t just consider OS because it significantly reduces costs, especially after their recent history of data breaches; they have to be able to guarantee that it is robust from a security stand-point too," he added.
