Dailydave mailing list archives
Re: Open Source Not Exploited More Often.
From: Jonathan Cran <jcran () 0x0e org>
Date: Tue, 8 Jun 2010 15:06:06 -0500
On Tue, Jun 8, 2010 at 9:07 AM, dave <dave () immunityinc com> wrote:
> From: http://www.technologyreview.com/computing/25480/page1/
> """
> Open-Source Could Mean an Open Door for Hackers
> A new analysis suggests that attackers exploit open-source software flaws faster and more effectively.
> """

Shame on me, I haven't yet read the aforementioned paper, but it's probably worth mentioning that the recent Veracode software security report had this to say about open source:

"Open Source project teams remediated security vulnerabilities faster than all other users of Veracode’s application risk management services platform. Open Source applications took only 36 days from first submission to reach an acceptable security score, compared to 48 days for Internally Developed applications and 82 days for Commercial applications. This is not surprising given the numerous political and organizational complexities of enterprise development efforts and the formal, customer-centric release plans of Commercial software vendors. Finally, Open Source contained the fewest Potential Backdoors of any software supplier; substantially less than 1% of vulnerabilities detected across all Open Source applications fell into this category. The relative absence of Potential Backdoors is apparent testimony to the positive effect of transparency in the Open Source community."

jcran