Accounting Software, CRM Software, Business Management Construction software, Accounting, Estimating, Project Management, CRM, BOQ's, Specifications, Document Management Manufacturing software for ERP, MRP, APS, Distribution and Warehouse management Retail software solutions, EPOS, Chip & PIN, Loyalty etc.
Home
Register for iTSHOWCASELIVE
Need Help? Let us help you find your perfect iT Supplier
Learn about iTSHOWCASE
Privacy Policy
View Glossary
spacer
spacerNews
spacer
Rising adoption of Open Source Software is putting businesses at greater risk

Fortify Software Inc., enterprise application security solutions vendor, has released its Open Source Security Study which reveals that the most widely-used open source software packages for the enterprise are exposing users to significant and unnecessary business risk.

The study validates that Open Source Software (OSS) development communities have yet to adopt a secure development process and often leave dangerous vulnerabilities unaddressed. Additionally, the study found that nearly all OSS communities fail to provide users access to security expertise to help remediate these vulnerabilities and security risks. 
 
“Open source software can be another valuable option in today’s corporate enterprises, but, just as with commercial software, vulnerabilities in software should be a point of concern for CIOs who depend on open source software to run their business,” said Howard A. Schmidt, former cyber security advisor to the White House. 

“This is an endemic issue that starts in the open source community, and while open source software faces the same vulnerabilities as commercial or in-house developed software, the mechanisms to test and analyze software code need to be done with great rigor in open source communities to influence a secure development process.”
 
The survey, sponsored by Fortify Software and completed by application security consultant Larry Suto, examined 11 of the most common Java open source packages. In order to evaluate the security expertise offered to users and to measure the secure development processes in place in OSS communities, Fortify interacted with open source maintainers and examined documented open source security practices. Additionally, multiple versions of each package were downloaded and scanned for vulnerabilities using Fortify SCA (the static analyzer found in Fortify’s security suite, Fortify 360). Manual scanning was also executed on security-sensitive areas of code.
 
Increased enterprise adoption of open source is evidenced by reports from a number of leading analyst firms, including Gartner, which recently reported that by 2011, 80% of commercial software will include elements of open source technology (Gartner, The State of Open Source 2008,” April 2008).

Additionally, an April 2008 survey from CIO reported that more than half of its respondents are using open source applications in their organizations today[1]. A recent report from Forrester Research noted that for over 88% of respondents, security of open source software was an important concern (Source: Forrester Research: Enterprise and SMB Software Survey, 2007)
 
Although enterprise adoption of OSS has steadily increased, little has been done within the OSS community to implement enterprise-worthy application security measures.  As a result of the survey, Fortify recommends that enterprises should follow the example of financial services companies in applying risk and coding analysis techniques to their open source software. In addition, enterprises should:

- Raise security awareness within open source development communities and emphasize the importance of preventing vulnerabilities upstream. Enterprise security teams should articulate their security requirements to open source maintainers to accelerate the adoption of secure development lifecycles.
- Perform assessments to understand where their open source deployments and components stand from a security standpoint.
- Remediate vulnerabilities internally or leverage Fortify’s Java Open Review which provides audited versions of several open source packages.
 
"Most open source communities do not follow enterprise-level change control standards," says Jennifer Bayuk, independent security consultant and former CISO of Bear Stearns. "There is a hidden cost for the enterprise in using open source because they have to test and patch for security bugs they don't anticipate."
 
“Today’s enterprises are built and operated by software that comes from a variety of sources,” commented Roger Thornton, founder and CTO of Fortify Software. “The software could be developed in-house, purchased off-the-shelf, outsourced, or as we’re seeing more often, based on open source.  In order to mitigate the business risk created by insecure applications, it is imperative that companies adopt a process that allows them to assess, remediate and prevent security vulnerabilities in all of their business software, whatever the source.”

spacer

Warehouse Management software latest...
Savona selects Solarsoft for warehouse automation...

General software latest...
Ten top tips for controlling costs in the current climate from BT Business...

Security software latest...
Rising adoption of Open Source Software is putting businesses at greater risk...

General software latest...
Government calls for carbon neutral computer systems while DMW Group urges common sense...


Browse By Category  

spacer
spacer
spacerFeatures
spacer
Supply chain planning can weather the economic storm
Can a new breed of supply chain professionals lead companies out of the worst effects of the economi...
Do you speak Geek?
The Boss' guide to Geek Speak by Peter Mitteregger, European Vice President CREDANT Technologies...
iTSHOWCASE Awards 2008
...
Unravelling the mess of MES
Voices of reason from the vendor community agree there is much to be learned, even when those voices...

 
Browse By Category  

Register