Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Open-source code is more prone to severe flaws than commercial software, but bugs get fixed more quickly, according to revealing new research from application security firm Veracode. The vendor's Open Source Ratings Database project is a centralised repository of open source security ratings which includes analysis of around 100 popular enterprise applications including Firefox, Apache, MySQL and JBoss.The latest findings from the project rated just 24 percent of open-source software as meeting an "acceptable level of security", and commercial software marginally worse with 23 percent.The stats also revealed that 23 percent of open-source and just five percent of commercial software contained at least one high severity flaw."All code is pretty bad, whether commercial or open-source, but the fixes are done more quickly and efficiently with open source. There are more eyeballs on the code, and [programmers] seem to take more pride in their work," said Veracode president and chief executive Matt Moynahan.Security issues in open-source software typically take less than a week to remediate and report on, or three hours of effort, according to the research.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.