Business IT - Technology for your business


Is open source software bad for business?


One security outfit which conducted a study into the use of open source software in the enterprise, the results of which are published today, seems to think so. It states that "Open Source Software (OSS) development communities have yet to adopt a secure development process and often leave dangerous vulnerabilities unaddressed."

New data from Fortify Software suggests that the rising adoption of open source software within the enterprise is putting the average business at far greater risk than it should be.

The Open Source Security Study has just been published and reveals that some of the most widely used open source software within the business environment is leaving users exposed to a "significant and unnecessary business risk."

As well as insisting that OSS development communities do not adopt a secure development process that follows software security best practice, and therefore often leave potentially dangerous vulnerabilities unaddressed, Fortify goes on to charge that "nearly all" such OSS communities are also failing to give users access to the kind of security expertise that could help remedy the vulnerabilities and risks that remain.
 
The survey, which was undertaken by application security consultant Larry Suto, looked at a total of just 11 of the most common Java open source packages. The evaluation of security expertise, and of that all-important secure development process metric, was done by Fortify, which claims it "interacted with open source maintainers and examined documented open source security practices" as well as downloading and scanning multiple versions of each package for vulnerabilities using a static analyser. Security-sensitive areas of code were also reviewed manually.
