Fortify: open source software is a security risk for businesses

Posted Jul 22, 2008 20:57 UTC (Tue) by skitching (subscriber, #36856)
In reply to: Fortify: open source software is a security risk for businesses by rafaspol
Parent article: Fortify: open source software is a security risk for businesses

What exactly _is_ your case?

FindBugs is an excellent tool for Java programs. It is easy to use, and totally free. It isn't
hugely sophisticated, but it is easy to run and very useful. I'm grateful to anyone or any company
who contributes to the existence of FindBugs.

And in at least one OSS project I'm involved in, releases have gone out for years with
hundreds of FindBugs warnings or errors. Not good, but no-one seems to have the time or
interest to fix them. For example, I've got the interest, but not the time.

This seems to reinforce the point that for security-sensitive applications, you *do* need to
look carefully at the track record of the provider, whether OSS or proprietary.


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds