Sunday, 27 June 2010

Why open source security projects tend to fail..

After having used an open source project for security for a short while, one of the questions which i have asked myself for a while came to forefront. Why does open source project fail ?

I have realised over the past few months a start up has taken up the challenge of supporting an open source package for Identity Management. Some of the real challenges which they seem to be facing include the question of survivaiblity. Something which a startup would find hard to give any assurance to a third party. To thier credit they have tying up with a service provider who are willing to cover this risk.
In spite of all this when it comes to product selection, quit a few of the architects involved seem to think this is high risk. This makes me wonder if there is a better way of handling this risk. In general you try to reduce, transfer or decide to live with the risk. The path of reduction of risk in Open Source projects by allowing some of your team members who work hand's on with the project doesnt seem to be a very acceptable pattern for most entities involved.
The alternative model that has been slightly more successful is the one I came across in US where the government is stepping in to provide some level of support. An example of this is OISF ( Open Information Security Foundation). I am yet to see a similiar intiative in Europe, which is traditionally the home for most of the Open Source projects. I wonder if the trend would catch up, given the economic conditions is this realistic expectations....

2 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Hi Anish! My name is Kenny Song and I saw that you've done some stuff with Udacity. We'd like to invite you to join Team Renaissance for the Udacity Challenge.

    Our team is currently the largest in the world, and we have members from 9 different countries. We're also running an in-team competition for prizes! Oh, and you don't have to be a high school student to join.

    Thanks! Hope to hear from you soon.

    ReplyDelete