July 25, 2008 2:01 PM PDT

Security Bites 109: Open-source security

Posted by Robert Vamosi

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

For years, one of the arguments for using open-source software instead of proprietary software held that open source was more secure. After all, having thousands of eyes looking at the code can't but help find and mitigate potentially dangerous bugs. A new report from Fortify challenges that assertion.

Open-source software can be found in over half of the enterprises today. And open source code can be found within the Mac OS 10 operating system. But how are open source vulnerabilities and, more importantly, their patches handled?

This week a report from Fortify found that, while vulnerabilities exist and are reported within the open-source community, not every open-source project had a clearly defined contact or security alias. Nor was it clear what the process would be for issuing a patch, or how the projects conduct their own vulnerability assessments. The report looked at several known open-source projects such as JBoss and Tomcat.

CNET's Robert Vamosi spoke by phone with Roger Thornton, CTO at Fortify about the report and its findings.

Listen now: Download today's podcast

Topics:: Podcasts,; Security

Tags:: security,; Security Bites,; Roger Thornton,; Fortify,; open source,; vulnerabilities

Bookmark:: Digg; Del.icio.us; Reddit

About Security Bites podcast

Backdoors, pharming, botnets, phishing, rootkits, viruses, worms. Feeling vulnerable? Every Friday, CNET.com's Robert Vamosi will tell you about the latest security threats, what's coming, and how to protect your system.

View all Security Bites podcast episode blog entries

Add this feed to your online news reader

Security Bites podcast topics

Meet the host of Security Bites

Robert Vamosi has appeared on CNN, NBC, ABC, MSNBC, and various other media outlets as an expert on computer viruses, spyware, identity theft, phishing, and other criminal activities on the Internet.

Send us feedback

Tell us what you think. We want to know who's listening, and what we can do to improve the experience.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Week in review: Tech stocks tumble
Of course it wasn't just technology stocks that took a dive this week, but industry leaders are doing some serious worrying about what lies ahead.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
News - Apple
Apple will repair MacBooks that have faulty Nvidia GPUs
Computer maker says it has determined some MacBook Pros may be affected by Nvidia graphics chip glitch, and offers to repair those notebooks at no charge.
Coop's Corner
Ellison's mantra: Spend, baby, spend
It may be hell out there, but Oracle's chief tells shareholders the company still intends to shop for more acquisitions.
Video
Sprint launches Xohm WiMax
News - Digital Media
YouTube beams up 'Star Trek' for long-form video
YouTube gets Beverly Hills 90210, MacGyver, and Star Trek in a test of longer-form video that's theatrically presented and interrupted by ads.
Video
Talking with Newt Gingrich on tech, bailout
News - Politics and Law
President signs broadband data collection bill
The Broadband Data Act encourages wider collection of information regarding nationwide access to broadband.
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Messenger returns to Mercury
Crave
Even more Samsung phones clear the FCC
Crave gives you the details on recent cell phone filings with the FCC.
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."