
LinuxInsider Talkback

Re: Companies Turn Blind Eye to Open Source Security Risks
Posted by: Jack M. Germain 2017-10-18 11:59:44

Many software developers and enterprise users have been lax or oblivious to the need to properly manage open source software, suggest survey results released Tuesday. The report highlights the consequences of failure to establish open source acquisition and usage policies, and to follow best practices. Flexera polled more than 400 commercial software suppliers and in-house software development teams within enterprises about their open source practices. More than half of the software products currently in use contain open source components.

Re: Companies Turn Blind Eye to Open Source Security Risks
Posted by: gluufederation 2017-10-31 07:29:45 In reply to: Jack M. Germain
Isn't the question that large companies use lots of software without properly updating it (both commercial and open source)? Just as an example, Oracle waits a long time before it releases security patches for its various software. Thus, many vulnerabilities are announced and not patched for some time. It's also too simple to generalize about open source software. "Open Source" varies from commercially supported software, to publishing a pet project for your friends. Certainly we could make a case that responsibly published and maintained software is easy to keep up to date. If you can get the latest code with "apt update / apt upgrade" (or its equivalent), and you don't... the license of the code isn't your problem.

Re: Companies Turn Blind Eye to Open Source Security Risks
Posted by: Wormwood 2017-10-19 08:15:22 In reply to: Jack M. Germain
Why SHOULD the majority of companies (small, underfunded; low-quality, in general) care ANYTHING about the security risks of using FOSS? FOSS lends itself to being considered as nothing more than a 'free ride' by these entities who would have never considered developing a product and offering it for sale, had the development of that product included a healthy licensing fee for the (of-dubious-benefit, and contributing nothing, anyway) software...regardless of the "customer-security" claims and protestations of a major Operating System supplier.
What do we think is the reason for the cancer on our society known as 'the Internet of Things'? Major clue: we blame them--rightly so--for a lot of things, but it ain't Microsoft.
A request--
I know that your main thrust is software these days, but I was wondering if you would, given your impressive Linux background, consider a review of what appears to be an excellent non-Microsoft laptop by a premier manufacturer: the HP 15.6" ZBook 15u, which runs the FreeDOS 2.0 operating system, and which could probably be made into a Linux machine as a 'no-brainer' (I really don't know, but would deeply appreciate the advice of an expert).