Dailydave mailing list archives

Re: Open Source Not Exploited More Often.


From: Jonathan Cran <jcran () 0x0e org>
Date: Tue, 8 Jun 2010 15:06:06 -0500

On Tue, Jun 8, 2010 at 9:07 AM, dave <dave () immunityinc com> wrote:

From: http://www.technologyreview.com/computing/25480/page1/

"""
Open-Source Could Mean an Open Door for Hackers

A new analysis suggests that attackers exploit open-source software flaws faster and more effectively.
"""

Shame on me, I haven't yet read the aforementioned paper, but it's
probably worth mentioning that the recent Veracode software security
report had this to say about open source:

"
Open Source project teams remediated security vulnerabilities faster than all other users of Veracode’s application risk management services platform. Open Source applications took only 36 days from first submission to reach an acceptable security score, compared to 48 days for Internally Developed applications and 82 days for Commercial applications. This is not surprising given the numerous political and organizational complexities of enterprise development efforts and the formal, customer-centric release plans of Commercial software vendors.

Finally, Open Source contained the fewest Potential Backdoors of any software supplier; substantially less than 1% of vulnerabilities detected across all Open Source applications fell into this category. The relative absence of Potential Backdoors is apparent testimony to the positive effect of transparency in the Open Source community.
"

jcran
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
