Subject: Re: [egov-bestpractice] OASIS E-GOV TC : BEST PRACTICE SC CHARTER

Jon Bosak wrote:
 > This issue, at least, can and should be addressed simply
 > through a statement of the reasons that governments
 > should, wherever possible, avoid the use of proprietary
 > software, beginning with the security reasons.

This is an interesting point since there seem to be some opposing views 
regarding open source and security [1].  Open source initiatives may 
reveal unsafe coding practices to unscrupulous developers.  While 
"security through obscurity" is not necessarily the best idea, it 
effectively screens out most of the script kiddies and less experienced 
developers.  (Before I get flamed, please know that I believe open 
source has provided significant benefits to the developer community - I 
use several tools from both GNU and Apache.)

I believe the main reasons for adopting an open source policy are the 
expectations of lower acquisition and ownership costs (although some 
ownership costs may be impacted by a tendency to tweak the code).  Most 
shops are not going to have the bandwidth, interest or budget for 
reviewing, recompiling or otherwise maintaining the code for open source 
apps and operating systems.

I'm not entirely sure if we should be advocating open source for 
security reasons.

[1] http://www.aberdeen.com/ab_abstracts/2002/11/11020005.htm
(Free abstract, registration required to access the full report.)

John Evdemon
Senior Associate
Digital Strategies
Booz | Allen | Hamilton

