Implementation tipsheet
To lay the groundwork for greater use of open-source software in government, Mitre Corp. officials recommend the following three policy steps:
The list should include applications that are commercially supported and widely used, and have proven track records of security and reliability. When considering products for the list, officials should give priority to heavily used applications and tools that provide high value. Examples include Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache and Perl.
These include policies that encourage the use of commercial products that work well with open-source programs, such as Microsoft Corp. Windows Services for Unix products, which can use open-source development tools. In addition, policies should be created to deal with products — such as Apache and Linux — that are already in use but may not enjoy official approval status.
Having an array of products lowers the risk of cyberattacks based on exploitation of specific products' features or flaws, and adding open-source products is a low-cost way to diversify the overall product mix.
NEXT STORY: States need better security