In a blog post, Cryptocat took full responsibility for the flaw and added, "We will commit failures dozens, if not hundreds of times more in the coming years, and we only ask you to be vigilant and careful. This is the process of open source security."

The comment baffled Paul Royal, associate director of the Georgia Tech Information Security Center.

"He could have generalized the statement to: 'This is the process of software security - period,'" Royal said on Monday. "I don't quite understand why open source makes it inherently risky, like somehow because software is proprietary a developer will not make a mistake."

However, other experts disagreed, saying that because open-source software is developed by an unpaid group of engineers, there are going to be security lapses.

"Since open source software isn't owned by anyone, there are no dedicated software maintenance people and enhancements are made by whoever can and wants them," said Murray Jennex, associate professor for computer security at San Diego State University.

Dan Olds, an analyst for Gabriel Consulting Group, agreed, saying developers paid to build software have more at stake in getting it right.

"The key difference is that commercial developers depend on the quality of their product to pay their mortgages and feed their families," Olds said.

In addition, companies can be held liable for software left insecure due to negligence, Olds said. "I would argue that this forces commercial developers to pay more attention to bugs and to do more rigorous testing."

Morgan Davis, a senior trainer and engineer at Security Innovation, said it's not fair to blame open-source security. "The failures of Cryptocat are not failures of open-source versus closed-source development, but rather a failure in the secure development process," Davis said.