NOTE: There is a new effort to do this in Ottawa with Tech4good.

Earlier this week I went out to Green Drinks Ottawa and had a really good conversation with a table of committed and very experienced environmentalists. Open source came up in conversation, and one of the people brought up security concerns as the main reason that their organization had decision not to use open source software, but rather to develop custom applications. I brought up a couple examples of how pretty much every big corporation is using open source software these days and are investing in its long term development.

I think that the definitive case for closing the door on the whole fear, uncertainty & doubt (FUD) on open source software security is that it is good enough for the Central Intelligence Agency (CIA) I noticed the favicon a few weeks back, but hadn't actually looked at the source at the time. Earlier today I pulled up the source code and sure enough "<meta name="generator" content="Plone - http://plone.org" />". I suspect that they are just producing a static cache of the site which is visible to the Internet and that we're not actually seeing dynamic pages, however the platform is trusted by one of the most paranoid, security minded organizations in the world.

By developing software with a community of users problems can be found and repaired more quickly. There are always going to be new exploits that are possible in any software project. Very few organizations have the internal resources to be able to keep an eye on them all and so having a global community of users, developers and security experts looking at the same set of code is an excellent way for most organizations to ensure that their data is secure.