Is single vendor-driven open source a greater security risk?

Ounce Labs, a software risk analysis company, has uncovered two security vulnerabilities in the Spring Framework.

Considering how long Spring has been in use, and its popularity, how could such vulnerabilities remain hidden so long? After all, isn't one of the hallmarks of open source the strong community vetting? Could it be that the shift towards single-vendor-driven open source is making open source riskier?

What the Spring vulnerabilities are

Kudos to Ryan Berg, chief scientist and co-founder of Ounce Labs, and the Ounce team for uncovering the issues and working with SpringSource to raise awareness.

