Monday, July 21, 2008

Enterprises warned on open source security

A study into eleven popular open source applications has suggested that enterprises are underestimating the security risks of using the code.

Security vendor Fortify studied the applications, including JBoss and OpenCMS, and found a number of security problems, which it partially blames on bad security practices and processes by open source programmers.

“Security best practices are a low priority to the open source projects surveyed,” said the company’s Open Source Security Study.

“Yet open source packages often claim enterprise-class capabilities but are not adopting - or even considering - industry best security practices. Only a few open source development teams are moving in the right direction.”

Mozilla was highlighted as one of the open source projects that took security most seriously, but the report found that many other projects were not taking security of design and implementation seriously.
