Fortify Your Day with FUD
Listen up Open Sourcers: You're slackers! That's the latest word from Fortify Software, the result of a study by the security-software vendor into the security of Open Source Software, an undertaking aimed at "informing" enterprise users of the "risks" associated with the Wild West of non-proprietary software.
The study, which presumably represents a startling advancement in scientific research, studied eleven Java-based Open Source offerings without commercial support and managed to extrapolate those results into a resounding condemnation of the entire community. According to Fortify "the most widely-used open source software packages for the enterprise are exposing users to significant and unnecessary business risk" and that "nearly all OSS communities fail to provide users access to security expertise to help remediate these vulnerabilities and security risks." Really? The most widely used Open Source packages are all Java-based and lack commercial support? The eleven projects you studied represent nearly all Open Source communities? And why, exactly, are the names of these projects noticeably absent from what is otherwise a press release just brimming with information?
Of course, Fortify doesn't want us to take it personally, telling Linux Insider they hope for a positive response. Still, there are "no real concerns about a negative reaction to the study findings." Hardly surprising. One has to wonder what kind of concerns they have about certain high-profile proprietary software packages with documented history of sweeping security breaches under the rug, and if they're aware that while those "secure" producers are busy practicing the maxim "Deny, Deny, Deny," the Open Source community is busy patching the holes.
Anyone who would like to read the report and learn just which projects compose the entirety of the Open Source community these days can register at Fortify's website to receive a copy of the report. Of course, it's on a Linux/Apache stack, so no guarantees about the security...