Friday, 27 March 2009

Open source software security vulnerabilities

Security vulnerabilities in open source could mean that companies are opening their doors to viruses, software exploits and other problems that could adversely affect their businesses, users and customers, says the company.

It cites security expert John Viega: “The very things that can make open source programs secure – the availability of the source code, and the fact that large numbers of users are available to look for and fix security holes – can also lull people into a false sense of security.”

Rob Rachwald, director of product marketing at Fortify, says that in fact, the Open Source Vulnerability Database in 2006 showed more than 8,500 vulnerabilities. And the problem, he suggests, is that many open source communities do not utilise security experts, meaning that their security processes tend to be inadequate.

“Are these sufficient reasons to totally avoid open source software?” he asks. “No: the merits of open source usually outweigh the downsides, but the enterprise that blindly opens its doors to open source software without fully judging the security challenges is asking for trouble.”
