Study Says Open Source Software a Security Risk
chareverie writes "Fortify Software released a study where they concluded that open source software poses a large security risk to corporations who have implemented it. They reason this by stating that the fault lies within the open source communities and their failure to adhere to minimum security practices. Fortify Software studied 11 open source software packages, where the application server Tomcat was determined to be the best. The other 10 were found to have poor results, with those being Derby, Geronimo, Hibernate, Hipergate, JBoss, Jonas, OFBiz, OpenCMS, Resin and Struts. Jacob West, manager of Fortify's research group, reminds that the purpose of the study was 'not to condemn open source software, but rather to point out that the security practices need to improve because open source adoption by enterprises and governments is growing.'"
Do I have to give out any examples? How long does it take Microsoft to fix issues and holes with ASP, or Windows?
The study is crap, but the software listed isn't.
JBoss and most of the others in the list are the major players in open source enterprise solutions.
JBoss is used in a large and fast growing number of major enterprise systems around the world.
Red Hat have world class global support for JBoss and the other technologies they support.
Java is becoming an integrated part of Open Source just like Linux, Apache, and X.org. The next versions of Ubuntu, Debian, Fedora, RHEL, and so on will have a record number of quality Java packages.