Chapter 6. Hackers, Attackers, and Would-Be Bad Actors: Thoughts on Security for Hybrid Cloud

All software, proprietary or open source, has long been a target for cyber hackers, attackers, and would-be bad actors. We want to ensure we set the right tone for this chapter: we aren’t suggesting that open source is inherently less secure than products built in a proprietary manner—not at all. But there is something to the old adage “You get what you pay for.” (And as we’ll explore later, there’s a world of difference between building systems for pet projects versus designing for the needs of enterprise.) Kate Compton makes the delightful comparison of “free” (open source) software to the curbside donations you might find after a move or when the college dormitories empty out come spring: “mattress-ware.” Sure, it’s free, but like with so many things in life you’re generally getting what you pay for. “Mattress-sourced” software might be the byproduct of an academic project or a developer’s Friday night whimsy. Making project code “open source” is a potential way to give new life to the project, but it comes with the expectation that there’s a fair bit of cleaning to do (of software bugs or literal bedbugs) before you would consider putting it “into production.” The point we want you to remember is that open source software for the enterprise requires much consideration and effort. You’re almost always better off partnering with an enterprise open source vendor.

One of the best parts ...
