1/23/2008

Five Most Overlooked Open Source Vulnerabilities Found By Audits

By Aviran Mordo @ 8:12 am

After reviewing 300 million lines of code in 2007, Palamida, a vulnerability audit and software risk management company, says it’s identified the five vulnerabilities most frequently overlooked by users in their open source code.

The five are listed in alphabetical order. Palamida did not attempt to assign a frequency ranking to the five, CEO Mark Tolliver said. Also, the Palamida list reflects known vulnerabilities that have been aired and fixed by their parent projects but are still encountered in the user base, such as businesses and government agencies. The projects named are not frequent offenders when it comes to security vulnerabilities, but their code is so widely used that unpatched vulnerabilities show up in Palamida’s enterprise and nonprofit agency software scans. In all cases, a patch is available to fix the vulnerability.

Open source code is “not any more vulnerable than commercial software” and in some cases, less so, said Tolliver. Open source projects tend to acknowledge their vulnerabilities and fix them promptly, he added.

The company conducts audits on enterprise software, spotting uses of open source and identifying origins of code. It both sells products to conduct audits and offers audit services and risk management consulting.

 

One Response to “Five Most Overlooked Open Source Vulnerabilities Found By Audits”

  1. havux robotu Says:

    Thank you. The company conducts audits on enterprise software, spotting uses of open source and identifying origins of code. It both sells products to conduct audits and offers audit services and risk management consulting.
