News Source Formtek

Open Source: The Good, Bad and Ugly — Studies in Two Extremes

When top-class Open Source tools and applications (think software like Linux, Apache Web Server, PostgreSQL and PHP) went head to head against similar proprietary software, a recent survey found that Open Source bested or equaled the quality of their proprietary cousins. The Open Source community hailed these findings from Gartner and Coverity.
News Source Infosecurity Magazine

Study finds widespread use of vulnerable open source components

The study, the 'Unfortunate Reality of Insecure Libraries', found that many organizations use open source components as the building blocks for their applications but have zero visibility into whether the components they are using are secure, thereby exposing the organization to security risks.
News Source Australian Techworld

Do insecure open source components threaten your apps?

Since Apache Maven, the brainchild of Sonatype founder Jason van Zyl, emerged as a top-level Apache Software Foundation project in 2003, the Central Repository has become a primary source of open source components. Jackson says the Central Repository receives four billion requests per year for its 300,000 components.
News Source CSO

Do Insecure Open Source Components Threaten Your Apps?

Since Apache Maven, the brainchild of Sonatype founder Jason van Zyl, emerged as a top-level Apache Software Foundation project in 2003, the Central Repository has become a primary source of open source components. Jackson says the Central Repository receives four billion requests per year for its 300,000 components.
News Source Proformative

Report: Half Global 500 Vulnerable to Open Source Security Loopholes

Aspect Security and Sonatype have recently collaborated to provide the industry's first study of potential vulnerabilities in open-source computing tools. These flexible components are used by members of the Global 2,000 and other leading organizations thousands of times each day in their operations, and the implications of security frailties could be significant.
News Source Tech Security Today

The Inherently Insecure Nature of Open Source Projects

A huge percentage of the applications being built these days rely on previously existing components that developers stitch together to make a new application. In fact, the vast majority of these components are open source projects that developers assume to be secure given the peer review process that most open source projects are based on.
News Source Linux Today

Sonatype not out to slam open source

"Yeah, thought so." Which is pretty much what was going through my head when I read Monday's wire reports that software-development firm Sonatype and application security specialists Aspect Security have released a study with a press release that highlighted "[m]ore than 80 percent of typical software applications are open-source components and frameworks consumed in binary form."
News Source Network World

Are Open Source Libraries Any More Vulnerable Than Closed Source?

My friend and Network World editor Ellen Messmer posted an article yesterday about the results of an analysis by Aspect Security of the Central Repository maintained by Sonatype. The study was announced by Aspect and Sonatype yesterday. Both the study and Ellen's article have set off a bit of a firestorm in both the open source and security communities about the security, or lack thereof, of open source libraries and components.

Sonatype Eyes "Staggering" Use Of Vulnerable Open Source Components

Attempting to analyze real-world usage of vulnerable versions of open-source libraries, software vendors Sonatype and Aspect Security claim to have found "staggering" use of susceptible components that have been downloaded from central repositories in order to conduct finance, energy, government, and military activities.

Awards

Codie INC 500 Red Herring SD Times NVTC RSA Gartner