
















Tech Update
Assessing the risks of open source
The value of open source
By Thomas Murphy
September 13, 2002
Provided by META Group

The value of open source is that access to the source enables code analysis to identify potentially problematic code. Several products (a few of which are open source themselves) are designed to help analyze software specifically for potential security problems. Such software can provide only clues, because it works by looking for specific patterns of suspicious behavior. Vendors such as Cigital and Secure Software provide both tools and consulting services to create improved processes around building secure code. General-purpose metrics tools, such as those offered by McCabe & Associates, also provide a starting point for understanding third-party software as well as reverse engineering models. The key issue is to understand all software brought into the organization. Are there APIs that are not documented? Where are native calls made, or other accesses of system resources? Does the software communicate over the network? Using a mixture of metrics, modeling, and specific security analysis tools, together with memory defect tools, will enhance understanding of third-party software and aid in reducing risk.
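The audit questions above (native calls, access to system resources, network communication) can be asked mechanically of source code. The Python sketch below is an added example, not part of the original article or any vendor's tool; its rule tables and the sample module are constructed for illustration. It also shows why pattern matching yields only clues: the import built at run time on the last sample line is flagged as dynamic, but the module it loads cannot be named.

```python
import ast

# Constructed rule tables (assumptions for this sketch, not an exhaustive list).
MODULES = {"socket": "network", "urllib": "network", "http": "network",
           "ftplib": "network", "smtplib": "network",
           "ctypes": "native", "cffi": "native", "subprocess": "system"}
# Calls that touch system resources or hide behaviour from a static reader.
CALLS = {"os.system": "system", "os.popen": "system",
         "eval": "dynamic", "exec": "dynamic", "__import__": "dynamic"}

def dotted(node):
    """Render a Name/Attribute chain such as os.system as 'os.system'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and dotted(node.value):
        return f"{dotted(node.value)}.{node.attr}"
    return None

def audit_source(source):
    """Return sorted (line, category, detail) clues for one source file."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            if (cat := MODULES.get(name.split(".")[0])):
                findings.append((node.lineno, cat, f"import {name}"))
        if isinstance(node, ast.Call) and dotted(node.func) in CALLS:
            target = dotted(node.func)
            findings.append((node.lineno, CALLS[target], f"call {target}()"))
    return sorted(findings)

# Constructed sample standing in for a third-party module under review.
SAMPLE = '''import json
import socket
from ctypes import CDLL
import os
def sync(host):
    s = socket.create_connection((host, 443))
    os.system("uname -a")
    mod = __import__("sub" + "process")  # module name built at run time
'''

if __name__ == "__main__":
    print(*audit_source(SAMPLE), sep="\n")
```

Each finding is a line to read by hand, not a verdict; the dynamic entries in particular mark places where the scanner could not see what the code does.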

Business impact: Enterprises should create a software audit process to reduce the business risks associated with third-party software.

Bottom line: IT organizations must define policies for the use of third-party software and code now, and couple this with tools that will help assess both acquired and open-source software.

Assessing Open Source: Opening the Back Door?
First published September 5, 2002
By Thomas Murphy

