Mocana vs. Open Source: Developing Security for Embedded Devices

This is the era of open source solutions. When IT administrators look for security tools to take care of their devices and applications, open source libraries are turning out to be likeable alternatives. Development teams of embedded systems are open to open source solutions for almost any security protocol such as OpenSSL, OpenSSH, and "Swan" IPsec (FreeS/WAN, Openswan, and strongSwan). These are popular projects that provide a number of optional user-written add-on modules. They are also available free of cost. But when it comes to implementing security in non-PC environments, there are some common challenges to using open source security code in production environments. These include porting considerations where open source security products were designed for desktop systems; security concerns regarding open source security code that has a history of routine and significant security flaws; hidden costs such as while open source libraries appear to be free but there are associated costs of development, maintenance and legal liabilities. Support issues include lack of documentation, samples, support, and maintenance. Code quality is a concern because open source code varies from project to project and certification and legal issues of open source security code has a history of difficulty getting and keeping FIPS validations.