Fortify Your Day with FUD
Listen up Open Sourcers: You're slackers! That's the latest word from Fortify Software, the result of a study by the security-software vendor into the security of Open Source Software, an undertaking aimed at "informing" enterprise users of the "risks" associated with the Wild West of non-proprietary software.
The study, which presumably represents a startling advancement in scientific research, examined eleven Java-based Open Source offerings without commercial support and managed to extrapolate those results into a resounding condemnation of the entire community. According to Fortify, "the most widely-used open source software packages for the enterprise are exposing users to significant and unnecessary business risk" and "nearly all OSS communities fail to provide users access to security expertise to help remediate these vulnerabilities and security risks." Really? The most widely used Open Source packages are all Java-based and lack commercial support? The eleven projects you studied represent nearly all Open Source communities? And why, exactly, are the names of these projects noticeably absent from what is otherwise a press release just brimming with information?
Of course, Fortify doesn't want us to take it personally, telling Linux Insider they hope for a positive response. Still, there are "no real concerns about a negative reaction to the study findings." Hardly surprising. One has to wonder what kind of concerns they have about certain high-profile proprietary software packages with a documented history of sweeping security breaches under the rug, and whether they're aware that while those "secure" producers are busy practicing the maxim "Deny, Deny, Deny," the Open Source community is busy patching the holes.
Anyone who would like to read the report and learn just which projects compose the entirety of the Open Source community these days can register at Fortify's website to receive a copy of the report. Of course, it's on a Linux/Apache stack, so no guarantees about the security...
Justin Ryan is a Contributing Editor for Linux Journal.
Comments
nice summary
Heh, that's the best summary yet of this alleged "study". Nice work.