Difference between revisions of "Open Source Security"

From MgmtWiki
Jump to: navigation, search
(Context)
(Problem)
Line 6: Line 6:
  
 
==Problem==
 
==Problem==
* The opposite is closed source software which is the way that software was originally written.
+
* When the code is open sourced, any attacker can look deeply for bugs that other have not discovered.
* The meaning of [[Open Source Software]] is sometimes conflated with [[Free Open Source Software]], which is a common attribution that is not shared by all.
+
* Must of the code that s created in the Open Source community is built with open source tools and libraries that may not have high security ratings.
** For example the [https://mil-oss.org/ Mil-OSS site] claims that "Derivative works – The open source software licenses must allow the distribution of software containing modified source code in the same name as of the original software." Which most people consider to be a feature of [[Free Open Source Software]].
 
  
 
==Solution==
 
==Solution==

Revision as of 11:46, 12 May 2021

Full Title or Meme

Open Source Security technically applies to all software where the source code is available. In practice it means software that is developed using open source tools.

Context

  • A common problem with code that was developed in closed, even secretive, environments was often buggy and of unknown quality.
  • In fact code like OpenSSL had bugs that persisted for years before they were discovered and patched.

Problem

  • When the code is open sourced, any attacker can look deeply for bugs that other have not discovered.
  • Must of the code that s created in the Open Source community is built with open source tools and libraries that may not have high security ratings.

Solution

  • Open Source web site contains a list of FOSS organization and claims the meaning of open source to be FOSS.

References