Thursday, May 2, 2013

Security risks of open-source

An overwhelming 86 percent of those surveyed believe their applications are at least 80 percent open source with the remaining 20 percent custom components and code, illustrating a dramatic shift in how mission-critical software is built. This paradigm shift is forcing companies to rethink how they manage risk in the age of agile, component-based software development.
While reliance on open source components increases year-over-year, limitations on the visibility, control and management of their use continue to be a problem. Of those large organizations surveyed (companies with > 500 developers), an astonishing 76 percent have no control over what components are being used in software development projects and, even more alarming, 65 percent don't maintain an inventory of components used in production applications.

That means the software consists of holes and bugs (80%) and tested software (20%).

1 comment:

Jawad said...

Hi Eugene,

I work for a company in Linlithgow, UK. I work as an Oracle Middleware Specialist. I have an internal project of developing a service to secure documents shared within and across business operations. I came across ELDOS's SecureBlackbox with OpenPGP Java Extension that I really liked. I have downloaded the trial version of the extension that ELDOS has provided for users to taste the capabilities of this extension. I need a small favor/help from you to move forward and complete my PoC (proof of concept) to go for ELDOS to my business users and IT security team here at my company. Can you send me a sample help code to encrypt and decrypt a file? I have gone through OpenPGPBlackbox example, but could not come around that.

My email address for correspondence is, Hope to hear from you soon.

Thanks and Regards,