I'm not sure if this is appropriate for the forum, but I figured it was security related, so here goes...

I'm writing an anlaysis for my group about moving some of the old internet protocols (rsh, rlogin, etc...) to the SSH suite of tools. An outside security group recommended a commercial version of SSH (Tectia), but I'm not sure that it's worth paying for. I have lots of previous experience with OpenSSH, and I was wondering if the commercial version offered anything more than the open-source version. I understand that the open-source version does not use patented algorithms. Am I losing any level of security by using the open-source version over the commercial version?

Any info would be greatly appreciated!!

Given they're implementing the same algorithms(DES, etc) how different can they be? Seems like open-source-paranoia to me, the outdated notion that actively updated open source is wide-open to hackers while slower-updated closed source is invulnerable.

IMHO there is no valid reason to use commercial SSH instead of OpenSSH. I've worked at several companies which provide web services and all used OpenSSH. If there were any real security issues with it we never could have done that.

Only old versions of OpenSSH has some exploits available, but still, not so dangerous.
However, some companies prefer the "enterprise" approach rather than open-source.

The outside security company says that because of liability.

Something goes wrong with an open source app, there's no one to call for help, and there's no one liable other than yourself, yet, the security company who told you it was ok to use an open source app may become liable.