[sklug] (Fwd) Linux Security [Accountability and Responsibility - 11/2

selectp at ba.profinet.sk
Tuesday November 30 10:17:46 CET 1999


This is quite interesting material about how to convince the management
of enterprises and companies that free things are not to be thrown away
either, and can be used for free and, on top of that, legally ...
(sorry that it is so long ... )
------- Forwarded message follows -------
LINUX SECURITY   
by Jim Reavis and Kurt Seifried        
November 29th, 1999        
TODAY: Accountability and Responsibility                              

People don't always get along, which is why we have civil and criminal
law. Typically, the threat of a lawsuit is enough to bring the
offending party in line, and if that doesn't work, you can sue them
into the ground. So what does this have to do with Linux?

Many companies (especially their legal departments) feel very nervous
about using open source software, because there is no one to hold
accountable. This may seem somewhat strange when you consider most
software licenses from commercial companies do not even grant
ownership of the product to the purchaser -- they simply grant the
right to use it (which can be revoked without warning). From a legal
standpoint, companies -- especially publicly held ones -- are
accountable to their shareholders and employees, which means they must
abide by certain rules and laws that don't always make perfect sense
to some of us.

Open source software does have several advantages over commercial
software however: You can typically find who wrote the code simply by
looking at a man page or the code itself. In most cases where there is
a problem, you can contact the author of the code who will usually be
responsive to fixing it. If the original author of the code is not
willing or able to, you can fix it yourself. This is obviously not
feasible for most companies, which has led to the creation of
software vendors like Red Hat Linux and SuSE. These vendors are
dedicated to fixing the code they ship. You can also purchase
guarantees through a support contract. In the grand scheme of things,
most Linux software vendors do as good a job or better than most
large commercial vendors of software.

It is also difficult to explain to management that the software you
plan to use can be downloaded for free. Many people will not value
something if it is given to them at no cost because we are taught that
cost equals value. I have had several people tell me that the GNU/BSD
software effort will simply not last because you cannot give something
of value away for free. The only argument I can think of is to point
out that BSD is 20+ years old, Linux is 8+ years old, and that vendors
like IBM are jumping on board.

- So How Can You Get Open Source Software Into Your Company? -

One common strategy is best explained with a proverb: "It is easier to
gain forgiveness than to get permission." If you are confident that
open source can do the job, and that you can mollify your boss at a
later date, then this is a very good strategy. If a tree falls in a
forest, and doesn't crush any small woodland animals, does it matter?

Or, if the bottom line is important, then using free open source
software can be an ideal solution. If the budget given to you for a
project is too small, and you're not successful in increasing it, you
can easily claim that you used the only tools available to you. This
technique also proves very successful because when your manager finds
out that you used open source software and tells you to remove it, he
will then have to provide funding for a commercial product to replace
it with; and if it's working, why break it?

One last method would be to sit down with your manager and try to
convince him or her that open source software rivals most commercial
software and is cheaper. This technique is only recommended as a last
resort, however. Several points that you can use in your favor are the
fact that major vendors such as IBM are now selling Linux and porting
their flagship products to it.

Open Source software is rapidly growing in popularity, and your
efforts can bring it into your company when you sell the key points:
cost, support by the Big Guys, and a technology that can be quickly
patched to provide robust security.

Resources: 
http://www.redhat.com/about/1999/press_compaq2.html 

http://www.linuxcare.com/ 
------- End of forwarded message -------


