Security body joins debate over EU Interoperability Framework

ENISA warns over Interoperability software

The European Network and Information Security Agency (Enisa) today stepped into the row over version 2 of the EU Interoperability Framework, which aims to offer governments and businesses guidance on using open source software.

A leaked copy of the document caused uproar within some sections of the technology community for appearing to water down the EU's official definition of what open source is, in response – it is alleged – to intense lobbying by the software industry.

Now, in a move that is likely to further anger the framework's critics, the EU's security agency has come to the defence of proprietary technologies, saying they have a place in a mixed system, and warning that the open source model and code sharing can be "risky" for businesses.

"We recognise the fact that proprietary software and open source software will always co-exist - and that both models have their advantages and disadvantages," said an Enisa spokesman.

"While it is true that open source code is available for all to see, meaning that many vulnerabilities can be detected and corrected, the support offering for open source code is not always in line with business requirements, which can make businesses vulnerable," he said.

However, Enisa conceded that going down the proprietary route is not without its risks.

"Vulnerabilities can arise when companies run software packages from different vendors as part of the same system. This is due to the fact that different vendors often deploy different security models and these are not always totally compatible," said the spokesman.

Enisa said it is already addressing software security problems cited in the EU Interoperability Framework in its strategy document, which is currently under development.