When transparency is also obscurity: The conundrum that is open-source security
The pros and cons of OSS: the challenge of open-source security is that, just because everyone can look at the source code, it does not mean anyone will.
A recent report from the Linux Foundation found that the average number of outstanding critical vulnerabilities in an application is 5.1, and that 41% of organizations are not confident in their open source software security.
Due to the vast amount of OSS code in active use, examples of active security issues with open source are legion.
Paying someone to probe the security of your open-source solutions can help plug this gap, while you continue to enjoy the wider benefits of open source.
"It's open-source, go change it!" is a statement you will hear a lot from the open-source community, and it highlights a key fact: Expecting good security levels for free while others contribute time, effort or money to the equation is not reasonable or sustainable.
Options include either contributing to open source as it was originally intended, by improving the code and publishing it for others, or employing experts to manage the OSS code and debug it as required.
News URL
https://www.helpnetsecurity.com/2022/10/04/when-transparency-is-also-obscurity-open-source-security/