
Ruby programmer or Hacker, Are You Betting the Farm on BeanieBoy01?

By Kenneth Hess
Posted Jan 14, 2009


When you were working on that project that uses open source code, did you download code written by BeanieBoy01? BeanieBoy01 is a known hacker who's part of a larger group of black hat computer terrorists who've stolen more than 30 million credit card numbers and PINs in the past two years. No, wait, I'm sorry, BeanieBoy01 is a legitimate Ruby programmer who posts his code to SourceForge and allows anyone to download it and use it free, even for commercial projects, under a public domain license.

Cover Your Assets: Know with whom you're working on that all-important project or it could cost you the farm.

So, which is it? Is it BeanieBoy01 the notorious hacker out to steal your credit card information, or groovy guy BeanieBoy01 chilling out in his parents' basement providing the world with awesome, useful and harmless code? The problem is that you have no way of knowing: the download looks exactly the same either way.

SourceForge is a huge repository of open source software projects developed and supported by people like you, BeanieBoy01 and me. The legal agreement between a contributor and SourceForge requires the contributor to certify that "Your Content does not contain any viruses, worms, Trojan horses, malicious code or other harmful or destructive content," but that certification is a click-through promise, not a check performed on the code, and not everyone who accepts the agreement complies with it.

Here are the big questions that should go through your mind when selecting open source software for your business:

  1. Is the programmer or provider trustworthy?
  2. Will the programmer be available to you long term or for the life of the project?
  3. Is there a backup provider?
  4. Have you checked the code for bugs, spyware or viruses?
  5. What recourse do you have in case of damages to your data, systems or client information?

Answering these questions is not always easy. Find out all you can about the programmer before deploying their code in your project. Ask whether commercial support is available, either directly from the programmer or through a third party. Ask also whether there is a backup provider, in case no one on your side can examine and modify the code to suit your needs. If you are not a programmer, have the code reviewed by a professional before you rely on it; local colleges, user groups and online communities are reliable places to find one.
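As an added example (mine, not the author's, and not code from any SourceForge project), here is what "checking the code" can mean at the mechanical level, before any human review of the source: confirm that the archive you downloaded is byte-for-byte the one you vetted, and look at what it would write to your filesystem before you extract it. The release contents, file names and pinned digest are all constructed for the demonstration; in practice the digest is recorded out of band when the code is first reviewed, not computed from the very download you are checking.

```ruby
require "digest"
require "zlib"
require "stringio"
require "rubygems/package" # stdlib tar reader/writer (Gem::Package::TarReader/TarWriter)

# Compare two strings without leaking where they first differ.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Step 1: does the archive you downloaded match the digest you recorded when you
# vetted it (or that the project published through a channel you trust)?
def verify_digest(archive_bytes, expected_sha256_hex)
  actual = Digest::SHA256.hexdigest(archive_bytes)
  constant_time_equal?(actual, expected_sha256_hex.downcase)
end

# Step 2: inspect what the archive would do to your filesystem before extracting it.
# Returns a hash of entry name => list of problems; an empty hash means nothing was flagged.
def audit_archive(gz_bytes)
  findings = {}
  tar_bytes = Zlib.gunzip(gz_bytes)
  Gem::Package::TarReader.new(StringIO.new(tar_bytes)) do |tar|
    tar.each do |entry|
      name = entry.full_name
      problems = []
      problems << "absolute path" if name.start_with?("/")
      problems << "path traversal" if name.split("/").include?("..")
      problems << "symlink" if entry.symlink?
      problems << "setuid/setgid bit" if (entry.header.mode & 0o6000) != 0
      findings[name] = problems unless problems.empty?
    end
  end
  findings
end

# Build a gzipped tarball in memory; used here only to construct sample input.
def build_tarball(files)
  tar_io = StringIO.new("".b)
  Gem::Package::TarWriter.new(tar_io) do |tar|
    files.each do |name, mode, body|
      tar.add_file_simple(name, mode, body.bytesize) { |io| io.write(body) }
    end
  end
  Zlib.gzip(tar_io.string)
end

# Constructed sample: the release you reviewed, and the digest you recorded for it.
GOOD_RELEASE = build_tarball([
  ["beanieboy-1.0/lib/beanieboy.rb", 0o644, "module BeanieBoy; end\n"],
  ["beanieboy-1.0/README", 0o644, "Public domain. Use at your own risk.\n"]
])
PINNED_SHA256 = Digest::SHA256.hexdigest(GOOD_RELEASE) # in practice, stored out of band

# Constructed sample: a re-uploaded "1.0" that is not what you reviewed.
TAMPERED_RELEASE = build_tarball([
  ["beanieboy-1.0/lib/beanieboy.rb", 0o644, "module BeanieBoy; end\n"],
  ["../../.ssh/authorized_keys", 0o600, "ssh-rsa AAAA... attacker@example\n"],
  ["beanieboy-1.0/bin/helper", 0o4755, "#!/bin/sh\n"]
])

# Both checks must pass before the archive goes anywhere near a build.
def safe_to_deploy?(archive_bytes, pinned_sha256)
  verify_digest(archive_bytes, pinned_sha256) && audit_archive(archive_bytes).empty?
end

if $PROGRAM_NAME == __FILE__
  puts "good release:     #{safe_to_deploy?(GOOD_RELEASE, PINNED_SHA256)}"
  puts "tampered release: #{safe_to_deploy?(TAMPERED_RELEASE, PINNED_SHA256)}"
  audit_archive(TAMPERED_RELEASE).each { |n, p| puts "  #{n}: #{p.join(', ')}" }
end
```

The digest check only tells you the bytes are the ones you previously reviewed; it says nothing about whether that review was any good. The archive audit catches the cheap tricks that a re-uploaded tarball can play on an unattended extraction (writing outside the target directory, dropping setuid binaries), which is exactly the case where a "free" download starts costing money. Neither step replaces reading the code.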


One question that arises when any discussion of open source software surfaces is "What do we do in case of < insert worst case scenario here >?" This single sticking point prevents many companies from taking advantage of open source software. They want a responsible party from which to seek damages in case of a failure or other problem. Most individually developed applications are provided to you as-is, at no cost and with no warranties or remedies in the event of a failure. This is why you must be cautious and prudent in your selections.

To be honest, I don't know BeanieBoy01 and I made up the name to illustrate the point that you don't know him (or is it her?) either. I love open source software, and I appreciate the many hours programmers spend banging out visible code for us all to see and use as we wish, but you have to be careful.

It isn't frugal at all if that free code costs you or your customers thousands of dollars to repair the damage it caused. Does all this mean that I don't think you should seek out open source applications and software, even if someone like BeanieBoy01 develops them? Certainly not. Cover your assets by doing a little investigative work; it may prove frugal in the end.

Ken Hess is a freelance writer who writes on a variety of open source topics including Linux, databases, and virtualization. You may reach him through his website at http://www.kenhess.com.


