Fortify: open source software is a security risk for businesses

[Security] Posted Jul 22, 2008 13:23 UTC (Tue) by corbet

Fortify Software, a vendor of security scanning tools, has put out a press release saying that open source software poses security risks for businesses, partly because open source projects make little use of security scanning tools. There is an associated report available for those who register. "The survey, sponsored by Fortify Software and completed by leading application security consultant Larry Suto, examined 11 of the most common Java open source packages. In order to evaluate the security expertise offered to users and to measure the secure development processes in place in OSS communities, Fortify interacted with open source maintainers and examined documented open source security practices."

The whole thing may be self-serving, but there is also a real point: anybody contemplating putting software into a security-relevant setting should look at how the project handles security issues.

Copyright © 2008, Eklektix, Inc.