Davey Winder
Monday, 21 July 2008 17:47
The former cyber security advisor to the White House,
Howard A. Schmidt, says that while open source can be a valuable option
in the corporate enterprise, vulnerabilities need to be a point of
concern with CIOs. "This is an endemic issue that starts in the open
source community," Schmidt insists, adding, "while open source software
faces the same vulnerabilities as commercial or in-house developed
software, the mechanisms to test and analyze software code need to be
done with great rigor in open source communities to influence a secure
development process."

Great rigor indeed, especially when you consider
that Gartner recently predicted that some 80 percent of commercial
software will include elements of open source technology by 2011.
Furthermore, another survey from CIO points to more than half of its
respondents using open source applications within their business
already.

Yet while Forrester Research has indicated that 88 percent of
respondents to its Enterprise and SMB Software Survey considered open
source software security to be an important concern, and there is
little doubting the enterprise adoption rates of OSS are on an upward
curve, Fortify remains unconvinced that the open source development
community is taking security seriously enough.

It argues that little has been done within the OSS community to
implement what it calls "enterprise-worthy application security
measures" and as such recommends that businesses should apply the same
kind of risk and coding analysis techniques that financial services
companies do with their open source software implementations.

So how can business best mitigate the risk of insecure
applications and what is the hidden cost of open source software in the
enterprise?