Open-Source Security Tools Are Free... And Other Lies We Tell Ourselves Avatar Photo
Security Boulevard, Tuesday, November 19th, 2024
When deciding what approach to use for security tooling, it seems like there are two choices:
1. Sell your left kidney and buy the enterprise solution whose name is on the side of a Formula 1 car
2. Pick the free open-source tool that swipes right on more false positives than a dating app during a lonely Friday night
In light of recent reports revealing over 500,000 new malicious open-source packages tracked since November 2023, the stakes for making the right choice are very, very high.
But like everything in security, there's more to unpack in reality. Let's talk about when open-source security tools make sense when commercial solutions are worth the kidney, and if we can trust tools built from an open-source core.