• On TV.com: New TV sex symbol: Vintage black PORSCHE
July 25, 2008 2:01 PM PDT

Security Bites 109: Open-source security

by Robert Vamosi
  • Font size
  • Print
  • 1 comment

For years, one of the arguments for using open-source software instead of proprietary software held that open source was more secure. After all, having thousands of eyes looking at the code can't but help find and mitigate potentially dangerous bugs. A new report from Fortify challenges that assertion.

Open-source software can be found in over half of the enterprises today. And open source code can be found within the Mac OS 10 operating system. But how are open source vulnerabilities and, more importantly, their patches handled?

This week a report from Fortify found that, while vulnerabilities exist and are reported within the open-source community, not every open-source project had a clearly defined contact or security alias. Nor was it clear what the process would be for issuing a patch, or how the projects conduct their own vulnerability assessments. The report looked at several known open-source projects such as JBoss and Tomcat.

CNET's Robert Vamosi spoke by phone with Roger Thornton, CTO at Fortify about the report and its findings.


Listen now: Download today's podcast

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security,

Podcasts

Tags:

security,

Security Bites,

Roger Thornton,

Fortify,

open source,

vulnerabilities

Share:
Digg
Del.icio.us
Reddit
Recent posts from Security Bites podcast
Security Bites 122: IBM sees security challenges ahead
Security Bites 121: What Microsoft's Geneva means for online IDs
Security Bites 120: When social networks host malware
Security Bites 119: Does the Internet need its own Interpol?
Security Bites 118: Voting in America
Security Bites 117: How 'Clickjacking' attacks hide behind the mouse
Security Bites 116: Investigating data breaches
Security Bites 115: Inside ID fraud's underground forums
Related
When open source isn't (open enough)
Most influential open-source gurus? Votes are in
The case for the open-source Goliath
The difference a few years makes to open source
Microsoft's embrace of MySQL could kill it
Google: The open-source savior we deserve
Netherlands' open-source policy goes double Dutch
After 5 years, Firefox faces new challenges
Add a Comment (Log in or register)
by finid July 25, 2008 10:13 PM PDT
The study is FUD. Fortify lied and they know it. A somewhat detailed response has been posted at osourcemobile.com. The link to the article is
http://osourcemobile.com/2008/07/open-source-security-study-fortify-got-it-wrong/
Reply to this comment
Subscribe to the Security Bites podcast

Subscribe to this podcast using an RSS reader other than iTunes

Subscribe to this podcast using iTunes

advertisement

The browser battles go on and on

roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.

3G wireless still holds promise

The next generation of 4G wireless may get all the headlines, but advanced 3G technology will likely dominate services for the next few years.

About Security Bites podcast

Backdoors, pharming, botnets, phishing, rootkits, viruses, worms. Feeling vulnerable? Every Friday, CNET.com's Robert Vamosi will tell you about the latest security threats, what's coming, and how to protect your system.



View all Security Bites podcast episode blog entries

Add this feed to your online news reader

Security Bites podcast topics

Related links
Robert's Defense in Depth blog
CNET's Security Center
Security news
Security blogs
Spyware, viruses, & security forum
Top security and spyware downloads
Other CNET podcasts
Meet the host of Security Bites
Robert Vamosi Robert Vamosi has appeared on CNN, NBC, ABC, MSNBC, and various other media outlets as an expert on computer viruses, spyware, identity theft, phishing, and other criminal activities on the Internet.
advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET