Open Source Vulnerabilities Can Be Dealt With
Apr 16, 2012

Recently, Aspect Security released a study showing that a significant amount of the software in 31 popular open source code libraries has vulnerabilities. On the face of it, this seems scary, but let’s dig a little deeper.

Firms that rely on open source code should take heed, but this is hardly a reason in itself to forgo the speed, cost-effectiveness, and flexibility of open source code, when it is appropriate for particular projects.

Development frameworks such as Maven, Debian, and Red Hat support automatic detection and installation of updates, so that vulnerability fixes can be applied as soon as they are available. Moreover, because very large numbers of programmers vet popular open source code, detecting vulnerabilities there can be a much more prompt and transparent process than becoming aware of vulnerabilities in proprietary software.

To paraphrase Douglas Adams, the space for bugs may be big, but don’t panic.