Open source software security

The Economy and Information Security


The internet security blog Security Aegis has just published an article, distilled out of interviews with some industry professionals, concerning the state of information security and the economy. As one of the interviewees for the piece, I am of course biased, but I find it to be an excellent piece. It's interesting to note the commonalities between responses to questions about the field and the future. While these may not necessarily lend authority to the prognostications of the contributors, they certainly provide a valuable touchstone for the sentiment of those involved in the profession. The "conventional wisdom" may not provide an accurate roadmap for the future, but is a great indicator of how people are feeling now.

My own personal feelings about the recession and how it will affect the profession are largely comprised of apprehension. Information security is increasingly driven by monetary concerns. The happy hackers of yesteryear, looking to deface your webpage, are long gone, instead replaced by shadowy criminal elements driven by financial gain. Botnets, spammers, con artists, click fraudsters, digital hostage takers, and others are increasingly comprising the ranks of foes security professionals face. With a down economy, the monetization of information security is likely to increase. With money becoming more scarce, will these criminal elements become more brazen? Will they be willing to risk greater exposure in order to carry out more blatant attacks? Will employees become tempted to sell out their employers' resources for a quick buck? Will hordes of laid-off IT staff turn from World of Warcraft to devote their waking hours past midnight to illegal schemes in order to pay the rent? These are the sorts of questions that plague me when considering the state of the economy.

On the upside, I think a down economy is a boon for open source. In a shaky economy, trusting information and processes to a closed source vendor who could go out of business is a risky proposition. By utilizing open source systems, information remains free and companies aren't tied into specific vendors. Open source is also fairly recession-proof, since the developers that drive much of open source aren't being paid for their product anyway.

In the end, we'll have to wait and see what happens as the economic climate changes. I'm not sure anyone can make any accurate predictions at this point. When Alan Greenspan himself stands up before Congress and says he's "shocked," how can any of the rest of us possibly hope to have any greater insight?