Is open source software bad for business?

One security outfit which conducted a study into the use of open source software in the enterprise, the results of which are published today, seems to think so. It states that "Open Source Software (OSS) development communities have yet to adopt a secure development process and often leave dangerous vulnerabilities unaddressed."

New data from Fortify Software suggests that the rising adoption of open source software within the enterprise is putting the average business at far greater risk than it should be.

The Open Source Security Study has just been published and reveals that some of the most widely used open source software in the business environment is leaving users exposed to a "significant and unnecessary business risk."

As well as insisting that OSS development communities do not adopt a secure development process that follows software security best practice, and therefore often leave potentially dangerous vulnerabilities unaddressed, Fortify goes on to charge that "nearly all" such OSS communities are also failing to give users access to the kind of security expertise that could help remedy the vulnerabilities and risks that remain.

The survey, which was undertaken by application security consultant Larry Suto, looked at a total of just 11 of the most common Java open source packages.
