Language Selection

English French German Italian Portuguese Spanish

Is open source software bad for business?

Filed under
OSS

One security outfit which conducted a study into the use of open source software in the enterprise, the results of which are published today, seems to think so. It states that "Open Source Software (OSS) development communities have yet to adopt a secure development process and often leave dangerous vulnerabilities unaddressed."

New data from Fortify Software suggests that the rising adoption of open source software within the enterprise is putting the average business at far greater risk than it should.

The Open Source Security Study has just been published and reveals that some of the most widely-used open source software used within the business environment are leaving users exposed to a "significant and unnecessary business risk."

As well as insisting that OSS development communities do not adopt a secure development process that follows software security best practise, and therefore often leaves potentially dangerous vulnerabilities unaddressed, Fortify goes on to charge that "nearly all" such OSS communities are also failing to provide users access to the kind of security expertise that could help remedy the vulnerabilities and risks that remain.

The survey, which was undertaken by application security consultant Larry Suto, looked at a total of just 11 of the most common Java open source packages.

More here




More in Tux Machines

5 Kubernetes must-reads: Tips and trends

Kubernetes is having a moment – but don’t look for its popularity to wane anytime soon. As enterprises move beyond experimenting and start working in earnest with containers, the number of containers multiply: So do the manual chores. Orchestration tools like Kubernetes add automated help. “Running a few standalone containers for development purposes won’t rob your IT team of time or patience: A standards-based container runtime by itself will do the job,” Red Hat technology evangelist Gordon Haff recently noted. “But once you scale to a production environment and multiple applications spanning many containers, it’s clear that you need a way to coordinate those containers to deliver the individual services. As containers accumulate, complexity grows. Eventually, you need to take a step back and group containers along with the coordinated services they need, such as networking, security, and telemetry.” (See Haff’s full article, How enterprise IT uses Kubernetes to tame container complexity.) Read more

Australian Securities Exchange completes Red Hat migration

The Australian Securities Exchange (ASX) has completed the migration of "mission-critical" legacy applications to the Red Hat JBoss Enterprise Application Platform (JBoss EAP). ASX first deployed JBoss EAP in 2011 to modernise its legacy technologies and to facilitate the introduction of new web applications after it realised its legacy application server platform was becoming increasingly inconsistent, unstable, and expensive. After the initial ASX Online Company migration was complete in 2012, ASX used JBoss EAP to build the ASX.com API, as well as its Sharemarket Game, which gives players the opportunity to learn how the share market works. Read more

Programming/Development: GAPID 1.0 and Atom 1.23

  • Diagnose and understand your app's GPU behavior with GAPID
  • GAPID 1.0 Released As Google's Cross-Platform Vulkan Debugger
    Back in March we wrote about GAPID as a new Google-developed Vulkan debugger in its early stages. Fast forward to today, GAPID 1.0 has been released for debugging Vulkan apps/games on Linux/Windows/Android as well as OpenGL ES on Android. GAPID is short for the Graphics API Debugger and allows for analyzing rendering and performance issues with ease using its GUI interface. GAPID also allows for easily experimenting with code changes to see their rendering impact and allows for offline debugging. GAPID has its own format and capturetrace utility for capturing traces of Vulkan (or GLES on Android too) programs for replaying later on with GAPID.
  • Hackable Text Editor Atom 1.23 Adds Better Compatibility for External Git Tools
    GitHub released Atom 1.23, the monthly update of the open-source and cross-platform hackable text editor application loved by numerous developers all over the world. Including a month's worth of enhancements, Atom 1.23 comes with the ability for packages to register URI handler functions, which can be invoked whenever the user visits a URI that starts with "atom://package-name/," and a new option to hide certain commands in the command palette when registering them via "atom.commands.add." Atom 1.23 also improves the compatibility with external Git tools, as well as the performance of the editor by modifying the behavior of several APIs to no longer make callbacks more than once in a text buffer transaction. Along with Atom 1.23, GitHub also released Teletype 0.4.0, a tool that allows developers to collaborate simultaneously on multiple files.

Red Hat GNU/Linux and More