- Tsahi Levent-Levi, BlogGeek.me
Open source collaboration software has similar security risks to any other open source software. The main question is who is responsible for maintaining, upgrading and deploying it.
Open source collaboration software has its own set of security risks, too. Some people might say security means getting several developers to scrutinize the code base -- but this hasn't always worked well.
In 2014, a serious vulnerability known as Heartbleed affected OpenSSL, one of the most popular open source projects, which practically underpins modern security over the Internet. Heartbleed went undetected in the code base for several years.
Many developers had access to the code, but none found it. Reliance on the masses doesn't always work for open source software security, which leads to the next issue when security threats are found: How do you plug these holes and maintain the code base?
If you install and operate open source collaboration software in your company, you need to keep it up to date, especially with security patches. The challenge is having an owner of the software -- someone who is held responsible and gives support when things go wrong.
Normally, you will use a collaboration software-as-a-service (SaaS) vendor that develops its own open source collaboration software or maintains one. In this case, security will be the vendor's responsibility.
When you choose open source collaboration software for your organization, consider the following:
- Make sure the software comes from a company you can trust;
- Evaluate the size of the ecosystem around it;
- Follow the open source software's security advisory notifications; and
- If you opt for a SaaS vendor, see how the vendor views security and the privacy of its customers.