Open Source… Opens Security Holes?
One of the things I talk about to customers is the potential issues with Open Source and security. It seems that others are also concerned and Fortify have been analyzing the problem.
They looked at a number of available Open Source packages and found that a couple of the most popular were vulnerable to SQL injection attacks as well as Cross Site Scripting. Open Source is a good thing, don’t get me wrong; however, security is not necessarily at the forefront of the developers’ minds when they are developing functionality. With access to datacentre information over the web, these applications represent a real risk when it comes to data loss and general IT security. Perhaps we need to give Open Source applications a security rating?
There have yet to be any cases of popular Open Source applications being deliberately compromised by cyber-criminal gangs - but we do know that their operations are becoming increasingly sophisticated in their approaches - and perhaps they have already done this, and we just plain don’t know about it…
So, if you are going down the Open Source route this is another case of ‘buyer beware’… except of course it’s ‘free’…