Mike Miller, director of security at Media General, is a big fan of open-source tools, particularly for use in security. "I joke that it's because I'm cheap," he says. "But the fact is, there are solid open-source security products that have been around a long time."
The independent, publicly owned communications company in Richmond, Va., migrated to Red Hat Linux several years ago, and it uses a variety of open-source security tools, including the Nessus vulnerability scanner and Snort intrusion-detection software.
[ Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. | The Web browser is your portal to the world -- as well as the conduit that lets in many security threats. Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]
But there's a catch: Whereas users can receive training from Red Hat and even become certified in Linux , they're on their own when it comes to the security applications. "It's more a matter of getting to know the application, using it and researching it on the Web," Miller says. He tends to hire internally for his team, and so far all of his people have had to learn on the job. While the basics come pretty quickly, Miller says, the tools are more difficult to master than their commercial counterparts, and it might take a year to become really comfortable with some of them.