Fortify Your Day with FUD
July 22nd, 2008 by Justin Ryan
Listen up Open Sourcers: You're slackers! That's the latest word from Fortify Software, the result of a study by the security-software vendor into the security of Open Source Software, an undertaking aimed at "informing" enterprise users of the "risks" associated with the Wild West of non-proprietary software.
The study, which presumably represents a startling advancement in scientific research, studied eleven Java-based Open Source offerings without commercial support and managed to extrapolate those results into a resounding condemnation of the entire community. According to Fortify "the most widely-used open source software packages for the enterprise are exposing users to significant and unnecessary business risk" and that "nearly all OSS communities fail to provide users access to security expertise to help remediate these vulnerabilities and security risks." Really? The most widely used Open Source packages are all Java-based and lack commercial support? The eleven projects you studied represent nearly all Open Source communities? And why, exactly, are the names of these projects noticeably absent from what is otherwise a press release just brimming with information?
Of course, Fortify doesn't want us to take it personally, telling Linux Insider they hope for a positive response. Still, there are "no real concerns about a negative reaction to the study findings." Hardly surprising. One has to wonder what kind of concerns they have about certain high-profile proprietary software packages with documented history of sweeping security breaches under the rug, and if they're aware that while those "secure" producers are busy practicing the maxim "Deny, Deny, Deny," the Open Source community is busy patching the holes.
Anyone who would like to read the report and learn just which projects compose the entirety of the Open Source community these days can register at Fortify's website to receive a copy of the report. Of course, it's on a Linux/Apache stack, so no guarantees about the security...
__________________________
Justin Ryan is News Editor for LinuxJournal.com.
Submit a tip: Email IRC
Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer
Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.
Delicious
Digg
StumbleUpon
Reddit
Facebook
Post to TwitterSubscribe now!
The Latest
Newsletter
Tech Tip Videos
Recently Popular
From the Magazine
July 2009, #183
News Flash: Linux Kernel 3.0 to include an on-the-go Expresso machine interface! Ok, maybe not, but Linux is definitely going mobile, from phones to e-readers. Find out more inside about Android, the Kindle 2, the Western Digital MyBook II, The Bug, and Indamixx (a portable recording studio). And if you've gone mobile and you been wanting more Emacs in your life then check out Conkeror.
To compliment the mobile we've got the stationary: parsing command line options with getopt, checking your Ruby code with metric_fu, and building a secure Squid proxy. How is this stationary you ask? What can we say? It's not. We just wanted to see if anybody actually read this part of the page :) .
All this and more, and all you have to do is get your hot sweaty hands on the latest copy of Linux Journal.
nice summary
On July 23rd, 2008 Anonymous (not verified) says:
Heh, that's the best summary yet of this alleged "study". Nice work.
Post new comment