ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Is this MS going back to the 90's or being genuinely concerned?

    IT Discussion
    3
    3
    501
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jospoortvlietJ
      jospoortvliet Vendor
      last edited by

      Now obviously, lots of companies use open source tools and incorporate open source libraries in their in-house software because it saves them a load of time and costs. Also obviously, you have to keep an eye out on vulnerabilities coming in that code.

      So I read this scare-mongering title on CIO:
      Open source code is common, potentially dangerous, in enterprise apps

      And I think - wow. Is this another round of FUD, or? Reading the article, I don't think it's wrong per-se. It is just that all the dangers it talks about are double, if not triple true for proprietary libraries and code incorporated in an enterprise application... Those often have worse security policies - no disclosure, for example. Loads of vendors still think "if I just keep this secret, nobody will notice how insecure my software is" and while that's bad for applications, you'll at least update them at some point due to a bug fix release you need. With libraries - well, unless there's a REAL good reason (say a zero-day vulnerability?) you won't update them out of fear of breaking your app... Transparency is thus crucial and it's a core feat of open source.

      Of course the article points out that it's not just open source even pointing to Windows XP as part of a 'product' that was problematic (duh!).

      Still, the title makes it seem like a big anti-open-source-diatribe and claims: "Problem solved, at least in this instance. But the underlying issue – the routine practice of reusing open source code in new software – remains."

      That's an issue!?!??!?

      What do you think, is this a new way of making people afraid of open source or just a misguided title and a few stupid statements by the writer?

      1 Reply Last reply Reply Quote 3
      • scottalanmillerS
        scottalanmiller
        last edited by

        Sounds like the same FUD as always to me. If it wasn't FUD it would say "reusing code has dangers" and it would maybe say "open source is our best protection, but even that is not a sure thing" rather than suggesting that open source is a point of risk. It's a critical part of risk mitigation.

        1 Reply Last reply Reply Quote 3
        • JaredBuschJ
          JaredBusch
          last edited by

          yeah, bunch of crap in that title. After reading your post, I will not even click through.

          1 Reply Last reply Reply Quote 2
          • 1 / 1
          • First post
            Last post