Slashdot Mirror


Is Code Auditing of Open Source Apps Necessary?

An anonymous reader writes "Following Sun Microsystems' decision to release a raft of open source applications to support its secure cloud computing strategy, companies may be wondering if they should conduct security tests of their customized open source software before deployment. While the use of encryption and VPNs to extend a secure bridge between a company IT resource and a private cloud facility is very positive — especially now that Amazon is beta testing its pay-as-you-go private cloud facility — it's important that the underlying application code is also secure. What do you think?"

2 of 108 comments (clear)

  1. Re:Yes. by Thanshin · · Score: 5, Funny

    No shit. I don't understand how this got to be a story. What's next, "Should Engineers Who Design Bridges Demonstrate Competency Before Thousands of Automobiles Drive on Those Bridges?"

    No.

    They should pass an accelerated three month course on how to mix cement, then spend six months mixing cement for 300$/month and then change jobs saying in their CV that they have five years of experience in construction. Only then they're ready to apply their experience to design a bridge.

    When the first car goes over it and falls to its demise, they're just have to patch the bridge.

    After a couple of years and innumerable patches, the bridge, now essentially a pile of cement over a chasm, will finally stop dropping more than a couple cars per day to the void. At that point, the engineers are ready to find a management position.

  2. Re:Monty Python Engineering by Intron · · Score: 4, Funny

    Except for the part about the 4th one staying up.

    --
    Intron: the portion of DNA which expresses nothing useful.