All the latest UK technology news, reviews and analysis
|
|
|
10 Dec 2009
Open-source code is more prone to severe flaws than commercial software, but bugs get fixed more quickly, according to revealing new research from application security firm Veracode.
V3.co.uk gained exclusive early access to the vendor's Open Source Ratings Database project, a centralised repository of open source security ratings which includes analysis of around 100 popular enterprise applications including Firefox, Apache, MySQL and JBoss.
The latest findings from the project rated just 24 per cent of open-source software as meeting an "acceptable level of security", and commercial software marginally worse with 23 per cent.
The stats also revealed that 23 per cent of open-source and just five per cent of commercial software contained at least one high severity flaw.
"All code is pretty bad, whether commercial or open-source, but the fixes are done more quickly and efficiently with open source. There are more eyeballs on the code, and [programmers] seem to take more pride in their work," said Veracode president and chief executive Matt Moynahan.
Security issues in open-source software typically take less than a week to remediate and report on, or three man hours of effort, according to the research.
Latest stories from Developer
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Service Manager - Technology Managed Services, Service...
Reporting to the Managing Director, the role of the Client...
Senior Technical Support/ Support Engineer...
Job Purpose To analyse system requirements...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
security
What sort of company is veracode? It will inspect your code for a fee and tell you if it is secure or not. So we should all be good little coders and pay veracode to find some bugs for us. If linux code is only 24% secure, why no mass outbreak of attacks on my computer. Maybe the linux people know a bit more about security. Stick to commenting on windows code. cheers Fred
Posted by: Fred Splatt 16 Dec 2009