Multinational open-source software (OSS) provider SUSE Linux Enterprise’s products have stringent development and vetting processes, which ensures that they are as secure as any propriety product, says technical engineer and information technology consultant Johann Els.
Els notes that the concept of OSS – software that makes its source code available for modification or enhancement – is based on freedom of information, as well as end-users’ desire to use software as they wish, without unnecessary restrictions. He suggests that the notion that full transparency breeds vulnerability is completely flawed, explaining that the company would never risk putting clients in jeopardy.
SUSE is the provider of SUSE Linux Enterprise, a commercial distribution with service and support. In addition, the company is also a sponsor and contributor of OpenSUSE, an Internet community project, where many open-source projects are developed.
Els explains that, within the community, there are maintainers and mainlining teams responsible for developing code for certain software applications. The maintainer coordinates everything and the team ensures that the code produced is able to do what the maintainer requires.
“If a developer decides to contribute to a project, [since the code is completely visible], the community is able to assess and evaluate it and, if it is inferior or riddled with errors, the community will deny the code.”
This visibility also enables the community to examine and correct possible vulnerabilities in the code, which means that the potential problems are generally fixed before any negative effects can occur.
Further, Els states that distribution entities, such as SUSE Linux Enterprise, Red Hat or Ubuntu, among others, identify useful applications stacks that add value to enterprises or clients and then retain the maintaining team to assist in the development of a support structure.
“The user can download the free openSUSE-software from openSUSE.org, but if anything were to go wrong, they would be on their own. Essentially, when buying the SUSE Enterprise distribution, the client is not paying for the software, but for a tested and proved distribution, maintained by SUSE with all necessary patches and upgrades, that comes with professional support,” he explains.
Els notes that clients thus have all the benefits of OSS, such as the quick turnaround time, as well as visibility and accessibility, remaining secure in the knowledge that it has been vetted and will be fully supported in terms of both hardware and software. He adds that some free downloads from any open source project may not run on certain hardware devices, but that distribution entities ensure that the software they disperse is supported by hardware manufacturers.
Finally, Els notes for the commercial distributions if a client or its information technology team identify what they think are discrepancies or problems in the code; they can contact the SUSE Linux Enterprise team, which will facilitate communication between the client and the maintainers to see if they can resolve the issue.