I read some while ago this article about the use of “Open as a weapon“.
This article and its thoughts came to my mind during these last couple of weeks when there have been a couple of security issues happening more or less at the same time. I’m referring to Open SSL heart bleed vulnerability. and Microsoft IE security bug.
The question that came to my mind was the way of life of the organizations behind these pieces of software, and how that made the difference. There are 2 aspects to evaluate.
Time response, is the first one. Heart bleed was discovered and some hours later the solution was published for all the community. There were a quick reaction of the whole security chain in all organizations and in a couple of weeks, so many environments are safe against this bug. Microsoft took more time to find the solution for the issue.
First round: time response = OpenSource 1 – proprietary software 0.
Crisis outcome.
The reaction of the organizations related to Heart bleed was first to discredit open source; later when everybody understood that the solution was to make an update of the software because the solution was already there, nobody shouted anymore.
With the IE issue, the first reaction was, OK, let’s wait for the solution, Microsoft will find it. Once they waited enough time, some big companies that are so reluctant to promote changes, they were forced to announce that for extra-net navigation employees were able to install Firefox and Chrome!!! The reason that always was given is: security is key for our organizations and we have to keep safe from software that does not guarantee the security. Suddenly these reluctant organizations change the direction of the things in a couple of weeks.
For me this change of direction is not a surprise, it was going to happen sooner or later. Again OpenSource have demonstrated to be an useful weapon.
Second round: crisis outcome = OpenSource 2 – proprietary software 0.