Companies Turn Blind Eye to Open Source Security Risks
Posted by: Jack M. Germain October 18, 2017 11:37 AM

Many software developers and enterprise users have been lax about, or oblivious to, the need to properly manage open source software, survey results released Tuesday suggest. The report highlights the consequences of failing to establish open source acquisition and usage policies and to follow best practices. Flexera polled more than 400 commercial software suppliers and in-house software development teams within enterprises about their open source practices. More than half of the software products currently in use contain open source components.
Isn't the question that large companies use lots of software without properly updating it (both commercial and open source)? Just as an example, Oracle waits a long time before it releases security patches for its various software. Thus, many vulnerabilities are announced and not patched for some time. It's also too simple to generalize about open source software. "Open Source" varies from commercially supported software to publishing a pet project for your friends. Certainly we could make a case that responsibly published and maintained software is easy to keep up to date. If you can get the latest code with "apt update / apt upgrade" (or its equivalent), and you don't... the license of the code isn't your problem.
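The management gap the article and the comment above describe, components in use whose versions nobody tracks against published fixes, comes down to a check that is easy to automate once components are pinned. The following is an added example, not code from the article, from Flexera's report or from the commenter: it reads a constructed requirements-style inventory, compares each pinned version against a constructed list of advisories written in an OSV-style "introduced/fixed" range form, and reports anything that is affected or cannot be assessed because it is unpinned. The package names, versions and advisory identifiers are assumptions made up for the example.

```python
"""Audit a pinned component inventory against a list of advisories.

Added example; the inventory text, the advisory records and every
package name, version and advisory ID below are constructed for
illustration and do not refer to real software or real advisories.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    id: str          # constructed identifier, not a real advisory
    package: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first patched version (exclusive); "" = no fix yet


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version -> comparable tuple; trailing zeros dropped
    so that 1.2.0 == 1.2. Assumption: versions are purely numeric."""
    parts = tuple(int(p) for p in v.strip().split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


def parse_inventory(text: str) -> Dict[str, Optional[str]]:
    """'name==1.2.3' lines -> {name: version}; unpinned names map to None.
    Blank lines and '#' comments are ignored."""
    inventory: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" in line:
            name, version = line.split("==", 1)
            inventory[name.strip().lower()] = version.strip()
        else:
            inventory[line.lower()] = None
    return inventory


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed (or no fix exists yet)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed == "" or v < parse_version(adv.fixed)


def audit(inventory: Dict[str, Optional[str]],
          advisories: List[Advisory]) -> List[str]:
    """Return one finding per affected or unassessable component.
    Unpinned components are reported because a version you do not know
    is a version you cannot check, which is the gap the article describes."""
    by_pkg: Dict[str, List[Advisory]] = {}
    for adv in advisories:
        by_pkg.setdefault(adv.package.lower(), []).append(adv)
    findings = []
    for name, version in sorted(inventory.items()):
        if version is None:
            findings.append(f"{name}: unpinned, cannot assess (pin a version)")
            continue
        for adv in by_pkg.get(name, []):
            if is_affected(version, adv):
                fix = f"upgrade to >= {adv.fixed}" if adv.fixed else "no fix published"
                findings.append(f"{name}=={version}: {adv.id}, {fix}")
    return findings


# Constructed inventory: three pinned components and one unpinned one.
SAMPLE_INVENTORY = """
# constructed lockfile for the example
libfoo==1.4.2
libbar==2.0.0
libbaz==3.1
qux
"""

# Constructed advisories: one affected, one already fixed, one with no fix.
SAMPLE_ADVISORIES = [
    Advisory("EXAMPLE-2017-0001", "libfoo", "1.0", "1.4.3"),
    Advisory("EXAMPLE-2017-0002", "libbar", "1.9", "2.0.0"),
    Advisory("EXAMPLE-2017-0003", "libbaz", "3.0", ""),
]


def run_sample() -> List[str]:
    return audit(parse_inventory(SAMPLE_INVENTORY), SAMPLE_ADVISORIES)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

In practice the advisory list would come from a vulnerability feed rather than be embedded, and the version parser would need to understand pre-release and build suffixes; the shape of the check, an inventory of what is actually shipped compared against fixed versions, is the part the survey suggests most teams are missing.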
Why SHOULD the majority of companies (small, underfunded; low-quality, in general) care ANYTHING about the security risks of using FOSS? FOSS lends itself to being considered as nothing more than a 'free ride' by these entities, who would have never considered developing a product and offering it for sale had the development of that product included a healthy licensing fee for the (of-dubious-benefit, and contributing nothing, anyway) software... regardless of the "customer-security" claims and protestations of a major Operating System supplier.
What do we think is the reason for the cancer on our society known as 'the Internet of Things'? Major clue: we blame them--rightly so--for a lot of things, but it ain't Microsoft.
***********************************
A request--
I know that your main thrust is software these days, but I was wondering if you would, given your impressive Linux background, consider a review of what appears to be an excellent non-Microsoft laptop by a premier manufacturer: the HP 15.6" ZBook 15u, which runs the FreeDOS 2.0 operating system, and which could probably be made into a Linux machine as a 'no-brainer' (I really don't know, but would deeply appreciate the advice of an expert).