Stories
Slash Boxes
Comments

SoylentNews is people

What's Worse, Open-Source Vulnerabilities, or Poor Enterprise IT Security?

posted by janrinok on Thursday May 17 2018, @08:38PM   Printer-friendly
from the it-wasn't-me dept.

requerdanos writes:

There's a minor media dust-up over which is worse, Open-source vulnerabilities, or Poor Enterprise IT Security?

On Tuesday, 15 May, ZDNet quoted from a Black Duck study and opined that the problem was the "Open-source vulnerabilities", posting an article entitled Open-source vulnerabilities plague enterprise codebase systems.

Vulnerabilities including the bug reportedly responsible for Equifax's data breach are still common elements of open-source systems used in the enterprise... the nature of open-source projects means that as developers are giving away their time for free, sometimes, bugs may escape the net and cause chaos...

Wednesday, May 16th, TechRepublic answered with Enterprise IT shouldn't blame open source for their own poor security practices:

Even if we set aside the fact that Black Duck sells tools and services to root open source out of your enterprise... Open source vulnerabilities will often get disclosed earlier than those in managed software [and] its up to IT to apply the patches.

In other words, open source developers are doing their best to write good software, publish notices when bugs are found, and then fix those bugs. What the open source world cannot do, however, is fix inept IT practices. Despite the headlines, it's not the open source world's problem that so many want to use the software but can't be bothered to apply updates.

Is the problem more one, or the other, or both? Or is it the insistence on calling free software "Open Source," referring to just one freedom of many?

Original Submission

 
This discussion has been archived. No new comments can be posted.
What's Worse, Open-Source Vulnerabilities, or Poor Enterprise IT Security? | Log In/Create an Account | Top | 23 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Interesting) by krishnoid on Thursday May 17 2018, @10:49PM

    by krishnoid (1156) on Thursday May 17 2018, @10:49PM (#680923)

    What the open source world cannot do, however, is fix inept IT practices.

    It wouldn't be completely 'open source' any more, but ...

    Clause 5: Since LICENSEE is provided source code to SOFTWARE, it is LICENSEE's responsibility to audit, review, and modify it to produce the desired operation. Hence, in the interest of keeping SOFTWARE out of the latest news cycle, we reserve the right, upon vote of two-thirds of the registered copyright holders in SOFTWARE, to revoke LICENSEE's right to operate SOFTWARE should it be publically implicated in a security breach or other internal process failure.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4