
Is open source software bad for business?


One security outfit which conducted a study into the use of open source software in the enterprise, the results of which are published today, seems to think so. It states that "Open Source Software (OSS) development communities have yet to adopt a secure development process and often leave dangerous vulnerabilities unaddressed."

New data from Fortify Software suggests that the rising adoption of open source software within the enterprise is putting the average business at far greater risk than it should be.

The Open Source Security Study has just been published and reveals that some of the most widely used open source software in the business environment is leaving users exposed to a "significant and unnecessary business risk."

As well as insisting that OSS development communities do not adopt a secure development process that follows software security best practice, and therefore often leave potentially dangerous vulnerabilities unaddressed, Fortify goes on to charge that "nearly all" such OSS communities are also failing to give users access to the kind of security expertise that could help remedy the vulnerabilities and risks that remain.

The survey, which was undertaken by application security consultant Larry Suto, looked at a total of just 11 of the most common Java open source packages.
