Difference between revisions of "Open Source Security"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== Open Source Security technically applies to all software where the source code is available. In practice it means software that is developed using o...")
 
(Context)
Line 3: Line 3:
 
==Context==
 
==Context==
 
* A common problem with code that was developed in closed, even secretive, environments was often buggy and of unknown quality.
 
* A common problem with code that was developed in closed, even secretive, environments was often buggy and of unknown quality.
 +
* In fact code like OpenSSL had bugs that persisted for years before they were discovered and patched.
  
 
==Problem==
 
==Problem==

Revision as of 11:44, 12 May 2021

Full Title or Meme

Open Source Security technically applies to all software where the source code is available. In practice it means software that is developed using open source tools.

Context

  • A common problem with code that was developed in closed, even secretive, environments was often buggy and of unknown quality.
  • In fact code like OpenSSL had bugs that persisted for years before they were discovered and patched.

Problem

  • The opposite is closed source software which is the way that software was originally written.
  • The meaning of Open Source Software is sometimes conflated with Free Open Source Software, which is a common attribution that is not shared by all.
    • For example the Mil-OSS site claims that "Derivative works – The open source software licenses must allow the distribution of software containing modified source code in the same name as of the original software." Which most people consider to be a feature of Free Open Source Software.

Solution

  • Open Source web site contains a list of FOSS organization and claims the meaning of open source to be FOSS.

References