Slashdot Mirror

← Back to Stories (view on slashdot.org)

Over Half of Software Fails First Security Tests

Posted by Soulskill on from the over-half-of-users-are-oblivious dept.

An anonymous reader writes "Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software. Close to 60 percent of the applications tested by application security company Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing. And this data is based on software developers who took the time and effort to have their code tested — who knows about the others." Reader sgtrock pointed out another interesting snippet from the article: "'The conventional wisdom is that open source is risky. But open source was no worse than commercial software upon first submission. That's encouraging,' Oberg says. And it was the quickest to remediate any flaws: 'It took about 30 days to remediate open-source software, and much longer for commercial and internal projects,' he says."

2 of 145 comments (clear)

  1. Well now by Monkeedude1212 · · Score: 4, Informative

    That's extrapolating a bit much, isn't it? And scanning through the article, they don't even name the sample size, just percentages.

    And yes, they mention that its only the stuff that they test, "so imagine what the rest is like". Well - thats it though, if someone is professionally developing with security in mind, they probably know how to test it in office or know somebody who can. Thus - no need to pay this corporation to test something you can do yourself.
    If you are developing with security in mind - but aren't sure exactly what you're looking to protect against - THATS when you go to companies like these.

    This is a pretty much skewed data source (probably a slashvertisement for them, too), and is the only study of its type. Take it with a weeks worth of salt.

  2. What about commercial open source software by weeble · · Score: 4, Informative

    So lots of comparisons between open source and commercial software; however there is a lot of open source software that is sold, i.e. commercial. In addition it has been shown that most of the code for the Linux kernel was developed by people who were paid to do it by Red Hat, IBM, Intel and others. Does that mean that the Linux Kernel is commercial software.

    May be the article should refer to closed source proprietary and open source software.

    The article reads as if the author does not fully understand the how Open Source software is developed and is just a large advert (a.k.a. press release) for the auditing software.

    --
    Slashdot Beta should die a painful death.