When transparency is also obscurity: The conundrum that is open-source security

2022-10-04 05:21

The pros and cons of OSS. The challenge of OSS security is that just because everyone can look at the source code, it does not mean anyone will.

A recent report from the Linux Foundation found that the average number of outstanding critical vulnerabilities in an application is 5.1, and that 41% of organizations are not confident in their open source software security.

Due to the vast amount of OSS code in active use, examples of active security issues with open source are legion.

Paying someone to probe the security of your open-source solutions can help plug this gap, while you continue to enjoy the wider benefits of open source.

"It's open-source, go change it!" is a statement you will hear a lot from the open-source community, and it highlights a key fact: Expecting good security levels for free while others contribute time, effort or money to the equation is not reasonable or sustainable.

Options include either contributing to open source as it was originally intended, by improving the code and publishing it for others, or employing experts to manage the OSS code and debug it as required.

News URL

https://www.helpnetsecurity.com/2022/10/04/when-transparency-is-also-obscurity-open-source-security/

#opensource #security

News URL

Related news