There is a lot of talk about whether proprietary software is more secure than open source software. Often, the proponents of proprietary software suggest that if the programming code is open, then any malicious hacker can figure out what makes the software tick and interfere with it, or even steal sensitive data.
This is a surface analysis used by those who are still stuck in the shrink-wrapped software days that made companies such as Microsoft wildly successful. Those days are quite possibly over or, at the least, not at all what they were.
Open source and its social community upset advocates of closed and proprietary code because, not unlike the issues typically presented by mass social availability (imagine the reduced size of Twitter and Facebook if they were NOT free), the immediate profits of proprietary code developers are reduced.

Well Now That You Put It That Way…
Consider:
1. Though Microsoft operating systems, software suites and website development language have been the most widely used in the world and are "closed source," they are by no means less vulnerable to attack, as we well know. In fact, because this software is proprietary, problems are harder to resolve, since only Microsoft can read the source code, resolve a problem or release a patch while we wait for the solution.
2. Credit card numbers have been stolen from the very clearing houses businesses depend on to protect them. I bet Heartland was not using out-of-the-box open source solutions when it announced that personal data of up to 600 million cardholders was being sniffed by hackers.
3. The cost of custom database programming from Oracle has a reputation. Remortgage your house to pay for it unless you’re Fortune 500. Still, in 2008, well-known researcher David Litchfield published a white paper on just how to hack the then-latest release of the Oracle database with “lateral SQL injection.” One guy – just like that. Though the problem was no doubt addressed, Oracle still has to release security patches quarterly. So does the high price make their solution more secure or less prone to being hacked? Apparently not.
4. Even that innocent little PDF by Adobe attached to so many of your emails is vulnerable, and hopefully you have downloaded the fix to the latest threat. In mid-December Adobe admitted that it had confirmed earlier reports of a flaw in Reader and Acrobat that allows a malicious PDF to execute code even on fully-patched versions of Adobe's software. Adobe classified the security flaw as "critical" but still decided to delay release of the security patch until mid-January 2010. What’s notable is that though the security hole was previously known (personal proof: one of my assistants opened the FedEx email PDF attachment months ago and we lost that computer real quick), Adobe essentially was in no hurry.
But What Else Is There If Not Microsoft Windows, Office and ASP.net?
A. Linux is not just for website servers. It is now getting popular on PCs and laptops and is being heavily used in corporate applications (even Apple!). So how many websites are on Linux vs. Windows servers? A lot. The Linux community is by some estimates over 30,000,000 strong. For web servers, CentOS is a community-supported, free and open source enterprise-class operating system based on Red Hat Enterprise Linux (which is not free). What’s interesting to note, though, is that both Red Hat and CentOS are based on the open source Linux.
B. Here’s one you may not know. Apple (closed, proprietary and the “haute couture” of tech companies) uses open source as part of the core of Mac OS X – BSD Unix. “Apple believes that using Open Source methodology makes Mac OS X a more robust, secure operating system, as its core components have been subjected to the crucible of peer review for decades,” says Apple.
C. Selling products online? You guessed it. The very large and powerful osCommerce shopping cart solution is free (and comes with over 228,400 store owners and developers for a powerful support community).
D. Finally, try Google Docs and GDrive, which now gives you 1GB of storage free and now accepts any file type. Combine that with OpenOffice for an open source (read: completely free) version of Microsoft Office and you will be an advocate of open source real soon (Note: In April of 2009 Oracle bought Sun Microsystems and their open source MySQL database solution and OpenOffice).
Open source has brought the Internet community huge benefits and allowed it to expand astronomically. Use it properly by starting with an established solution. We have all heard of Joomla and WordPress for content management systems. They have strong communities to assist and are, again, free. Customization is where you’ll spend any money.
Security Is A Process, Not A Program
In the end, security means more than just sound programming. Common sense and constant vigilance are in order. Is your site unusually slow or is part of it not functioning? Are your site stats out of whack or is bandwidth spiking? Each website should be monitored for these and similar issues.
There is no "unhackable" code, open or closed. “It’s not if, it’s when.”
So then what are the real differences here? There are two, really. Closed source proprietary solutions are less flexible and more expensive. The code is not open, so you must continue to rely on one company to make future customizations to your code. And the support, fixes and patches that you rely on that same company for are paid for with the higher cost charged for the closed source solution. That seems like a circular make-work project, especially considering that for popular open source solutions such as CentOS, osCommerce, Joomla and WordPress, you get release updates and fixes from thousands of the brightest minds around the world for free.
So we come back to process, not program. Look for a good technology partner if you don't have one in-house and start leveraging open source technologies for speed, flexibility and cost advantages.



