Open-source software projects need to improve vulnerability-handling practices, researchers say

Many open-source software developers need to improve the way in which they handle vulnerability reports, according to researchers from security firm Rapid7, who recently found and reported vulnerabilities in seven popular open-source software applications.

There’s a line of thought among some users that open-source software is more secure than commercial software because there are more people looking at the source code and providing feedback or because open-source projects can patch issues faster.

Rapid7 worked with Brandon Perry, an application security engineer and regular contributor to the Metasploit penetration testing framework, to test that theory, said Christian Kirsch, product marketing manager at Rapid7, in an interview Wednesday at the RSA Europe security conference in Amsterdam.