At the same time that a group of open source software vendors and supporters are working to convince the Obama administration to consider open source software solutions, Fortify Software is cautioning the government against adopting such solutions without first ensuring the appropriate security measures are in place.
In a recent press release regarding the open letter to Obama, Fortify CTO Roger Thornton said:
Governments and open source proponents need to understand that security is not a birthright. It does not come 'for free' because of the way you license your product. If security objectives are not clear and secure development methodologies are not in place, it's a pretty safe bet that security problems will result-whether open source or commercial software.
He points out that the money saved in using open source could be quickly "diminished" by the costs of hardening code and/or responding to resulting litigation if security issues are not considered from the outset.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Of course, Fortify's cautionary tale is as self-serving as the plea for open source coming from the open source vendors. Fortify is in the security software business, so it only stands to benefit if the Obama administration heeds its call.