Are You Using Insecure Open Source Components?

Mar 27, 2012, 03:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

"I'm always suspicious when I see press releases and studies that claim that somehow open source software is less secure than other forms of software. That's why I was particularly suspicious of a new study out today sponsored by Apache Maven sponsor Sonatype, claiming that there is widespread use of insecure open source components.

According to the study:

There were more than 46 million downloads of insecure versions of the 31 most popular open-source security libraries and web frameworks.

Complete Story

Related Stories:

• DIY: Get top-quality open source security tools in one distro(Dec 08, 2011)
• Google's open source geezer gets shirty about security(Nov 28, 2011)
• 59 Open Source Tools That Can Replace Popular Security Software(Mar 15, 2011)
• 5 open source security projects to watch(Jan 26, 2011)
• Open Source Security Revisited � With Enough Eyeballs, All Bugs Are Shallow(Sep 21, 2010)
• Open Source: FOSS Security Updates vs Microsoft Patch Day(Sep 13, 2010)