Blackmoor Vituperative

Tuesday, 2009-06-16

IT professionals concerned about Forrester Research competence

Filed under: Security, Software — bblackmoor @ 09:22

Forrester Research has come out with a report stating, among other things, that half to two-thirds of businesses have “concerns” about open source security.

The problem with empty headlines like “Companies still concerned about open source security” is that they tell you nothing and yet imply everything. You may as well say, “Study Reveals Pittsburgh Unprepared For Full-Scale Zombie Attack”. What does this headline tell you? Is any city prepared for a full-scale zombie attack? Is a full-scale zombie attack even remotely likely?

The answer to both is “no”. Yet the headline implies that the answer to both questions is “yes”.

Should companies be concerned about the security of open source software? Of course they should — and they should also be concerned about closed source software, as well as the firmware in their hardware, their physical security, and the safety of their employees in the parking lot.

Should companies avoid open source software for “security” reasons? Of course not. Open source software is, in general, more secure than closed source software, and security flaws in open source software are more quickly corrected when they are found.

The problem with polls like Forrester’s (and those who conduct them) is not that the results are inaccurate (although they may be). The problem is that you won’t get the correct answer if you do not ask the correct question — and you have to understand the topic in order to ask the right questions. Forrester Research clearly doesn’t.