open source posts - Security Bites podcast

July 25, 2008 2:01 PM PDT

For years, one of the arguments for using open-source software instead of proprietary software held that open source was more secure. After all, having thousands of eyes looking at the code can't but help find and mitigate potentially dangerous bugs. A new report from Fortify challenges that assertion.

Open-source software can be found in over half of the enterprises today. And open source code can be found within the Mac OS 10 operating system. But how are open source vulnerabilities and, more importantly, their patches handled?

This week a report from Fortify found that, while vulnerabilities exist and are reported within the open-source community, not every open-source project had a clearly defined contact or security alias. Nor was it clear what the process would be for issuing a patch, or how the projects conduct their own vulnerability assessments. The report looked at several known open-source projects such as JBoss and Tomcat.

CNET's Robert Vamosi spoke by phone with Roger Thornton, CTO at Fortify about the report and its findings.

Listen now: Download today's podcast

Topics:: Podcasts,; Security

Tags:: security,; Security Bites,; Roger Thornton,; Fortify,; open source,; vulnerabilities

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Security Bites podcast

Backdoors, pharming, botnets, phishing, rootkits, viruses, worms. Feeling vulnerable? Every Friday, CNET.com's Robert Vamosi will tell you about the latest security threats, what's coming, and how to protect your system.

View all Security Bites podcast episode blog entries

Add this feed to your online news reader

Security Bites podcast topics

Meet the host of Security Bites

Robert Vamosi has appeared on CNN, NBC, ABC, MSNBC, and various other media outlets as an expert on computer viruses, spyware, identity theft, phishing, and other criminal activities on the Internet.

Send us feedback

Tell us what you think. We want to know who's listening, and what we can do to improve the experience.

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Nanotech - The Circuits Blog
Snapdragon chip powers itself into Nexus One
Qualcomm's processor is part of Google's unveiling just 12 hours after making the leap to a Lenovo laptop.
Gallery
Unboxing the Nexus One (photos)
Technically Incorrect
The iPhone app that lets you see your friends naked
Nude It, approved by Apple Tuesday, is an augmented reality app that uses scanning technology to look straight through clothing. Something you have always wanted to do.
Beyond Binary
Windows Mobile glitch dates 2010 texts 2016
Microsoft says it is working with mobile partners to fix a problem causing SMS messages sent after New Year's Day to appear as if they were sent from the future.
Video
Nexus One: The big reveal (video)
Crave
Amazon beefs up wireless Kindle family
The online retailer expands its e-reader selection by adding wireless download capability to its larger-screen DX model.
Video
Hands on with Google's Nexus One (video)
Technically Incorrect
'Kill Obama' Facebook group active for a month
A group whose name appeared to advocate the demise of the president survives on Facebook since November and is removed only after CNET draws Facebook's attention to it.
The Digital Home
NASA's Kepler finds five 'hot Jupiters'
After less than a year in operation, NASA's Kepler space telescope finds five new exoplanets in our galaxy. Unfortunately, none of them is habitable.
Gallery
Google unveils its 'super phone' (photos)
2010 CES
Kodak's new PlaySport Zx3 pocket camcorder is waterproof
Kodak's upcoming PlaySport pocket camcorder, which is due in April for $149.99, captures video underwater (up to 10 feet).
2010 CES
Whirlpool, Direct Energy assemble home energy system
Will home networks get smart to energy management? Whirlpool and Direct Energy team with a display maker and Best Buy in a big to automate savings.