Slashdot Mirror


Study Says Open Source Software a Security Risk

chareverie writes "Fortify Software released a study where they concluded that open source software poses a large security risk to corporations who have implemented it. They reason this by stating that the fault lies within the open source communities and their failure to adhere to minimum security practices. Fortify Software studied 11 open source software packages, where the application server Tomcat was determined to be the best. The other 10 were found to have poor results, with those being Derby, Geronimo, Hibernate, Hipergate, JBoss, Jonas, OFBiz, OpenCMS, Resin and Struts. Jacob West, manager of Fortify's research group, reminds that the purpose of the study was 'not to condemn open source software, but rather to point out that the security practices need to improve because open source adoption by enterprises and governments is growing.'"


  1. Conflict of interest by 14erCleaner · · Score: 4, Funny

    Since Fortify is a security firm, it's obviously in their best interest to have everybody using 100% Microsoft products.

    --
    Have you read my blog lately?
    1. Re:Conflict of interest by smittyoneeach · · Score: 2, Funny

      Nonsense: GGP is properly spelled, employs a complete sentence, and proper punctuation. Modding it 'Funny' would be inconceivable.

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  2. to explain the parent post with quotes : by unity100 · · Score: 2, Funny

    Eric S. Raymond discusses the recent Microsoft security debacle in which an engineer inserted a back door in a library that allowed access with the phrase 'Netscape engineers are weenies!' The article notes that 'Apache will *never* have a back door like this one.'

    http://linuxtoday.com/stories/20234.html

  3. WTF by imaniack · · Score: 3, Funny

    Don't they know OSS is PERFECT in every possible and imaginary way!!!! :)

    1. Re:WTF by Spy+der+Mann · · Score: 2, Funny

      Yes, Mr. Strawman, I'm sure they do.

      Hmmm... that got me thinking.

      Straw man + flamebait = ??? (think of an ultra flammable scarecrow)

  4. Re:I've only heard of two of those... by Anonymous Coward · · Score: 1, Funny

    why isn't the app filtering out erroneous inputs?

    Obviously a PHP programmer - as only one of those could think that should be necessary.

  5. Re:What we use by Anonymous Coward · · Score: 1, Funny

    as much support as support is needed for a screwdriver

    Not to be inserted into penis