This article ran on Linuxworld Australia a while back on the open source versus closed-source argument. This is not unusual; go check out most open source news websites, and you’ll find dozens of similar posts.
One thing struck me in the article though that I have heard before, and it’s an outrageous discussion. Compare these two things:
-
“We don’t do open source because my lawyer says there’s no one to sue,” says Phil Maier, vice president of information security at Inovant, Visa’s technology deployment division. “The lawyers had the final say.”
-
“Microsoft seems lax to security threats,” says Robert Swiercz, managing director of the Portal of Montreal, the city’s Web site. “I have less and less ability to trust them.”
Now let’s consider these points:
-
If your site’s security fails, and your customers’ data is exposed, they WILL sue you. Your lawyers will have to take that on.
-
If your lawyers have someone to sue, and that someone is Microsoft, good luck with that. History has shown a low success rate there. It’s an extremely expensive road to boot. Your lawyer may have someone to sue, but I guarantee he won’t want to do it. In reality, this applies for most of the truly big software companies too- is your lawyer going to take on Oracle? Sun? IBM?
Now, this is not an argument that Open Source is better. The article I point to addresses this point as well- whether or not Open Source or Closed Source is more secure is and will remain a ‘religious’ debate, not a quantifiable, testable debate. My point is this: if you are making your decision of which platform to use based on who you can sue if something goes wrong, consider just who it is you would sue in any event. A losing lawsuit is worse than an inability to sue.
Besides that, isn’t a better risk management to software flaws to adopt top-notch quality assurance and security testing to assure you’re deploying the best product possible, not to plan for your odds of opening and winning a law suit?
Ask yourself this as well: If you end up in an actionable situation, it will be because your product has a flaw that is hurting your business. How much are your customers going to care if you win or lose the law suit? Will they come back to you after you tell them that “It’s okay, we won the lawsuit!”? If your customers have left, does it even matter in the long run if you win the lawsuit?
Choose your products based on quality, usability, effectiveness… planning for legal actions is not a valid business strategy. Just ask SCO.
Like this post? Buy me a cup of coffee.Popularity: 9% [?]
This blog is written by me, Stacey Douglas, an analyst, project manager, systems designer and executive in the software industry. You can learn more about me at my website, http://www.staceydouglas.com.