Menu
Open source could learn from Microsoft

Open source could learn from Microsoft

Companies who opt for an open source software within their organizations could be leaving themselves open to security breaches.

That's according to software company Fortify which has researched the implementation of several open source projects and found them lacking, with one executive suggesting that they could learn from Microsoft in how to improve security.

The research completed by security consultant Larry Suto, examined 11 of the most common Java open source packages. Fortify worked with open source maintainers and examined documented open source security practices to evaluate the level of security. The results were disappointing: the Fortify study found that many Open Source Software (OSS) development communities have not yet adopted a secure development process and often leave dangerous vulnerabilities unaddressed

Rob Rachwald, Fortify's director of product marketing said that open source developers should be prepared to learn from companies like Mozilla, which has recently hired Rich Mogull as its security chief.

Even Microsoft could be help up as an example of good security practice. Rachwald said that had improved its security policies no end, "It's a company that used to be severely slammed for its security procedures but, following the 2002 Trustworthy Computing memo from Bill Gates, that's all changed. Gates simply said 'if it's a choice between functionality and security, always choose security' and the company has changed its mindset, said Rachwald.

He added that proprietary software developers tended to think far more about security issues than open source developers did -- although he conceded that this wasn't always the case.

Rachwald said that a lot of the developers' problems started with their initial training. "The problem starts with the developers themselves and in particular with their education. "They've normally majored in computer science and just haven't had the grounding in security issues."

He said that it was true that the openness of open source projects would help secure vulnerabilities. But, he said, companies should ask themselves what would they rather be "great at fixing security problems or preventing those problems from happening in the first place."

According to Fortify, there are three key ways to improve the security of open source projects: appoint a security expert, someone with a thorough understanding of security issues."The difference between you and me and a security expert,"said Rachwald, "is that you and I enter a shop and think about what we could buy, the security expert enters and thinks about what he could steal."

Second, build security processes within the software development lifecycle and third, use the correct tools to test the security procedures.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments