Open source exposing businesses to significant risk

The most widely used open source software for the enterprise is exposing businesses to significant risk, according to a study by security firm Fortify Software.

The Open Source Security Study examined 11 Java open source packages and associated security practices, and included vulnerability scanning of the software.

The study found that open source software (OSS) development communities do not have a secure development process with security testing and often leave vulnerabilities unaddressed.

Nearly all OSS communities fail to provide users with access to security expertise to help fix vulnerabilities and security risks, the study said.

Despite a steady increase in the adoption of OSS, the study found little has been done by the open source community to implement enterprise-level application security measures.

Rob Rachwald of Fortify Software said enterprises should follow the example of large banks and apply risk and coding analysis techniques to their open source software.

He said there was little evidence of secure development practices, but the open source Mozilla Corporation has begun putting together a programme to improve security.

"They have hired a security consultant and are starting with developer education, which is exactly the kind of process the whole open source community should be following," he said.

Rachwald said open source security could be improved by businesses informing developers of their security requirements.


