Security

Submission: Security Firm Confirms FOSS Devs Fix Bugs Faster (darkreading.com)

sgtrock writes: This story was reported in several places yesterday. From Dark Reading:

Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing. "The degree of failure to meet acceptable standards on first submission is astounding — and this is coming from folks who care enough to submit their software to our [application security testing] services," says Roger Oberg, senior vice president of marketing for Veracode. "The implication here is that more than half of all applications are susceptible to the kinds of vulnerabilities we saw at Heartland, Google, DoD, and others — these were all application-layer attacks."

...

"The conventional wisdom is that open source is risky. But open source was no worse than commercial software upon first submission. That's encouraging," Oberg says. And it was the quickest to remediate any flaws: "It took about 30 days to remediate open-source software, and much longer for commercial and internal projects," he says.

