
The Continuing Open Source Security Debate

Lora Bentley

It's almost funny how nearly every other week there's a new study on the security of open source software, or the lack thereof. A new report sponsored by Fortify Software says open source is not secure and governments and others who rely on it should do so with caution.

 

According to PC Pro, the study found serious security flaws in the projects it scanned and also uncovered that those flaws "persisted across product releases." The story also quotes the Fortify report as follows:

"[O]pen source development seems resistant to information on security."

But unless I'm mistaken, Google's oCert was created to help ensure that where flaws are found, someone knows about them so they can be fixed. And Fortify competitor Coverity is working with the Department of Homeland Security and others to scan open source projects for flaws so that the project creators can make sure they're fixed. Coverity released the 2008 report from its scan not too long ago.

 

What's more, every open source project Web page I've ever seen has a mechanism for reporting and fixing bugs and vulnerabilities. If they weren't interested in security information, would such mechanisms even exist? And let's not forget that this secure-not secure debate has been going on for years. Each side supports its own studies and reports its own findings. So the answer to who wins depends upon whom you ask.

