Open Source Security

From MgmtWiki
Revision as of 11:46, 12 May 2021 by Tom (talk | contribs) (Problem)

Jump to: navigation, search

Full Title or Meme

Open Source Security technically applies to all software where the source code is available. In practice it means software that is developed using open source tools.

Context

  • A common problem with code that was developed in closed, even secretive, environments was often buggy and of unknown quality.
  • In fact code like OpenSSL had bugs that persisted for years before they were discovered and patched.

Problem

  • When the code is open sourced, any attacker can look deeply for bugs that other have not discovered.
  • Must of the code that s created in the Open Source community is built with open source tools and libraries that may not have high security ratings.

Solution

  • Open Source web site contains a list of FOSS organization and claims the meaning of open source to be FOSS.

References