Monday, July 28, 2008

New data shows open source software often doesn't employ best practices for securing code

Fortify Software has released its Open Source Security Study, which reveals that the most widely used open source software packages for the enterprise are exposing users to significant and unnecessary business risk.

The study validates that Open Source Software (OSS) development communities have yet to adopt a secure development process and often leave dangerous vulnerabilities unaddressed.

Additionally, the study found that nearly all OSS communities fail to provide users access to security expertise to help remediate these vulnerabilities and security risks.

“Open source software is an Achilles Heel in today’s corporate enterprises, and should be a significant concern for CIOs who depend on open source software to run their business,” said Howard Schmidt, former cyber security advisor to the White House and (ISC)2 Board Member. “This is an endemic issue that starts in the open source community, and while open source software faces the same vulnerabilities as commercial or in-house developed software, the mechanisms aren’t as prevalent in open source communities to influence a secure development process.”
