Open source collaboration software has similar security risks to any other open source software. The main question...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is who is responsible for maintaining, upgrading and deploying it?
Open source collaboration software has its own set of security risks, too. Some people might say security means getting several developers to scrutinize the code base -- but this hasn't always worked well.
In 2014, a serious vulnerability, known as Heartbleed, affected OpenSSL, one of the most popular open source projects that practically runs modern security over the Internet. Heartbleed was undetected in the code base for several years.
Many developers had access to the code, but none found it. Reliance on the masses doesn't always work for open source software security, which leads to the next issue when security threats are found: How do you plug these holes and maintain the code base?
If you install and operate open source collaboration software in your company, you need to keep it up to date, especially amid various security patches. The challenge is having an owner of the software -- someone who is held responsible and gives support when things go wrong.
Normally, you will use a collaboration software as a service (SaaS) vendor that develops its own open source collaboration software or maintains one. In this case, security will be the vendor's responsibility.
When you choose open source collaboration software for your organization, consider the following:
- Make sure the software comes from a company you can trust;
- Evaluate the size of the ecosystem around it;
- Follow the open source software's security advisory notifications; and
- If you opt for a SaaS vendor, see how the vendor views security and the privacy of its customers.
Do you have a question for Tsahi Levent-Levi or any of our experts? Ask your enterprise-specific questions today! (All questions are treated anonymously.)
New employee habits reshaping enterprise collaboration
Security is a top concern for collaboration in the enterprise
Getting your organization ready for open source software
Dig Deeper on Unified Communications Security
Related Q&A from Tsahi Levent-Levi
When deploying embedded communications, some enterprises might consider CPaaS or WebRTC support. But one expert explains why CPaaS and WebRTC should ...continue reading
While many organizations use WebRTC for voice and video calls, enterprises can take advantage of the technology in other ways. Learn about some ...continue reading
Before deploying a communications API, organizations must carefully assess their options. Learn about two red flags that could indicate poor API ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.