We spoke to Harish Pillay, Global Community and Technology Architect, Red Hat Inc. Here's the interview that sheds light on the cloud, apps and other trends in the enterprise market that's relevant to developers.
Harish Pillay, Global Community and Technology Architect, Red Hat Inc
A lot has been spoken about Linux and open source as a whole. It's secure, it's free. For every secure feature spoken about in Linux, there is someone out there working on an attack. How do you plan to address such concerns?
I think the easiest way to answer this question would be to flip it the other way around. When you design something or build something with security in mind, you are always cognizant of the fact that you can have ten measures and if everything works fine, that's great. But on the other side, the other person needs to succeed just once! Whatever ten things you have that is successful, is done away with this one failure. Well that is the story in the proprietary perspective. In the open source perspective, everything that we build is completely transparent. Everybody knows what we are building. So if there is a problem somewhere, that there's something people could try to exploit, you just fix it! So there is a phrase in the open source community that goes, "many eyeballs make all bugs shallow". So the more people looking at stuff, there's no guarantee that everyone would look at it, but the chances are much greater in the open source space than the proprietary space for obvious reasons. Therefore to find something it takes much less time, and happens sooner. This is something that's been proven. If there's an issue it gets solved very quickly and in the case of Red Hat, for example, everything that we do is from scratch. If we have security vulnerability, we know there is a problem and we got to fix it. So our track record has been 95 per cent. We resolve 95 percent of severity 1 queries that need to be resolved within 24 hours. The remaining 5 per cent are solved in the next 24 hours. So over a period of 48 to 72 hours, issues have been fixed. And this is coming from us saying it, this is not Red Hat saying it, this comes from CERT. You can find the details at cert.org.
Since the product was built with security in mind, chances of it having issues are much lower. It's not zero. It's never zero. But it's significantly lower. That's the major plus point here. Security is one of those things where everybody has their own opinion. As long as everything is okay, thing's are fine. The moment something breaks, is where the situation stands out. Our track record here has been very positive. And I don't mean just us here, but open source in general.