Fortify Your Day with FUD
July 22nd, 2008 by Justin Ryan
Listen up Open Sourcers: You're slackers! That's the latest word from Fortify Software, the result of a study by the security-software vendor into the security of Open Source Software, an undertaking aimed at "informing" enterprise users of the "risks" associated with the Wild West of non-proprietary software.
The study, which presumably represents a startling advancement in scientific research, examined eleven Java-based Open Source offerings without commercial support and managed to extrapolate those results into a resounding condemnation of the entire community. According to Fortify, "the most widely-used open source software packages for the enterprise are exposing users to significant and unnecessary business risk" and "nearly all OSS communities fail to provide users access to security expertise to help remediate these vulnerabilities and security risks." Really? The most widely used Open Source packages are all Java-based and lack commercial support? The eleven projects you studied represent nearly all Open Source communities? And why, exactly, are the names of these projects noticeably absent from what is otherwise a press release just brimming with information?
Of course, Fortify doesn't want us to take it personally, telling Linux Insider they hope for a positive response. Still, there are "no real concerns about a negative reaction to the study findings." Hardly surprising. One has to wonder what kind of concerns they have about certain high-profile proprietary software packages with a documented history of sweeping security breaches under the rug, and if they're aware that while those "secure" producers are busy practicing the maxim "Deny, Deny, Deny," the Open Source community is busy patching the holes.
Anyone who would like to read the report and learn just which projects compose the entirety of the Open Source community these days can register at Fortify's website to receive a copy of the report. Of course, it's on a Linux/Apache stack, so no guarantees about the security...
__________________________
Justin Ryan is the News Editor for Linux Journal.
Look for him in the #linuxjournal IRC channel.
nice summary
On July 23rd, 2008 Anonymous (not verified) says:
Heh, that's the best summary yet of this alleged "study". Nice work.