Home > Software News:
|
Watch News Feed
Bestsellers Software
|
(EMAILWIRE.COM, February 19, 2009 ) London, UK - President Obama's Administration is being encouraged to embrace open source software, copying a similar UK government game plan. However, the Administration needs to insist that secure development processes are in place for open source projects, says Fortify Software, the software security assurance experts.
In a letter to President Obama, a group of 15 open source advocates are suggesting that the US government adopt open source applications in preference to commercial programs, a process they claim will save the government a lot of money.
Roger Thornton, Fortify’s CTO noted, “Governments and open source proponents need to understand that security is not a birthright. It does not come 'for free' because of the way you license your product. If security objectives are not clear and secure development methodologies are not in place, it’s a pretty safe bet that security problems will result –whether open source or commercial software.”
According to Thornton, the net result of the potential security flaws that can arise from open source means that the direct cost savings of using such programs as an alternative to commercial software can be significantly outweighed by the indirect costs.
By indirect costs, he means the cost of remediation and hardening the code concerned, as well as the potential costs of litigation that can result when things go badly awry and rogue code causes problems.
Thornton continued, “We have experience with hundreds of development organizations establishing, and in many cases, defining, engineering processes that assure application security. These organizations have put in place security controls for open source because of poor security practices.”
The Spanish government, for example, has been actively encouraged to adopt Hipergate (http://www.hipergate.org ), an open source Web-based application suite that runs on multiple databases and operating systems. (The argument Hipergate makes to the Spanish government (in Spanish) is here: http://www.hipergate.org/docs/files/3.0.0/hipergate_aapp-3.0-es.pdf )
"Our manual and automated review of Hipergate highlight what a lack of security process means. Hipergate lacks a security expert and doesn’t even have a security email alias. Hipergate has about 16 vulnerabilities per 1000 lines of code—which is outrageously high. Hipergate should not be used by anyone," he said.
"Because of this, we urge President Obama's Administration to thoroughly research the possibilities offered by open source, but also consider the ramifications of using this technology," he added.
For more President Obama's open source lobbyists: http://tinyurl.com/cl7oc8
For more on Fortify: http://www.fortify.com
and http://www.fortify.com/magicquadrant
ENDS
For further comment or to interview Roger Thornton please contact Yvonne Eskenzi on 00 44 207 1832 832 or email Yvonne@eskenzipr.com
Fortify
Roger Thornton
00 44 207 1832 832
Yvonne@eskenzipr.com
Source: EmailWire.com
|
|
|
|
I-SoftwareNews.Com Sponsors
|
|
|
|