Biomedical Engineering Reference
In-Depth Information
the original author into the development process (and into a confidentiality
agreement).
There are a great number of open source licences available, but they
are certainly not all the same, and indeed not always compatible with
each other. For example, when the open source 'SpamAssassin' software
was moved into Apache, project organisers spent months getting
permission for the move from all the licence holders (around 100 in total)
[9]. Not all contributors could be tracked down, and some software had
to be rewritten to allow it all to move to the Apache licence. This
demonstrates how important it is to understand any reach-through claims
and restrictions that are associated with a given open source licence. In a
large company this would almost always involve taking legal advice, and
producing rules on how to use the software safely within the licence;
another huge potential hidden cost of using open source software. For
anyone who wants to know more about the many and various open
source licences an excellent resource from the 'Open Source Software
Advisory Service' is available [10] and the subject was covered in a recent
topic chapter [11].
One of the biggest challenges in deploying open source software in a
commercial environment is ensuring that it is secure. Each year there are
a huge number of malicious hackings of corporations, with many well-known
companies suffering significant damage to their businesses and
reputations. The IT vendors who joined the sequence services' team all
knew how to build secure platforms. Many work closely with customers
in the financial and defence industries, and are consequently experts in
building secure IT platforms. When building these systems, security is
thought about and tested at every step. As open source software is often
not built with commercial considerations, the developers quite rightly
primarily focus on the functional aspects of the software. Although there
is some highly secure open source software (such as EnGarde Linux),
often the developer's focus is not necessarily securing the software from
skilled 'blackhat' hackers and crackers intent on breaking in. Traditionally
this has not been a huge problem. Where the software is hosted and
available on the internet, it either contains no data or only already
publicly available data. Given that the code is already open source, there
is little incentive for anyone to hack into the system other than pure
vandalism, and this means most sites come under nothing more than
basic 'script kiddie' attack. Where a large commercial company uses the
software it would be normal for it to be hosted inside their own data
centres on the internal intranet, which is safely protected from the
external world by large, sophisticated corporate firewalls.