Bonum Certa Men Certa

Free Software More Secure, Say Experts

"The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team."

--CIO David Wennergren, Department of Defense (October 2009)



Summary: VeraCode argues that Free software is superior from the point of view of security

THE Register says that "Open source software has comparable security, faster bug fixing, and fewer potential backdoors than commercial software, according to a study on software application vulnerabilities by security firm VeraCode."



Here is another source speaking about the subject:

Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing. "The degree of failure to meet acceptable standards on first submission is astounding -- and this is coming from folks who care enough to submit their software to our [application security testing] services," says Roger Oberg, senior vice president of marketing for Veracode. "The implication here is that more than half of all applications are susceptible to the kinds of vulnerabilities we saw at Heartland, Google, DoD, and others -- these were all application-layer attacks."

[...]

Despite the relatively gloomy picture of developers still missing the mark initially on security, there were some bright spots in the report: Open-source software isn't as risky as you'd think, and financial services organizations and government agencies tend to have more secure applications from the get-go; more than half of their apps passed as acceptable in the first submission to testing, according to Veracode's report.


Someone mailed us a pointer to this article last night.

Start-up Israeli security company Trusteer claims to have hit on a different tactic when it comes to combating financial malware and making activities such as online banking more secure.

Rather than trying to eliminate every nasty from a user’s desktop, the four year-old company claims its Rapport software establishes a secure link between a customer’s desktop and the bank’s systems, excluding any malware in the process. The approach has been greeted with enthusiasm by analysts with a recent report from Frost and Sullivan neatly distilling the problem and Trusteer’s response to it.


"This is old news," says one of our readers who comments on "how to combat malware".

"Some time ago I suggested putting the VPN and IP stack on an embedded device. If they can't write to it, then they can't hack it. And seeing as Rapport is just another Windows process it's just as vulnerable as any other prog."

"Thanks to Mr. Gates, we now know that an open Internet with protocols anyone can implement is communism; it was set up by that famous communist agent, the US Department of Defense."

--Richard Stallman



Recent Techrights' Posts

Expose Corrupt Insurance Companies, Don't Kill People
Murder gives them sympathy, makes the raiders seem like the victims
[Meme] Write Code, Not Social Control Media
don't forget to 'like'
Site in Support of Richard Stallman Reminds People of the FSF's and Stallman's Support of Women
new updates
In Memory of Mike Magee (1949-2024) and Our Best Wishes to The Register, Which He Founded in the 1990s
Months have passed since Magee died
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 09, 2024
IRC logs for Monday, December 09, 2024
EPO Salaries Reduced: EPO's “Sustainability” Clause "Cuts the Average Overall Adjustment for Staff by –41,8%."
What does this all mean for staff?
Google is Nuking Remaining Invidious Instances Again, Hoping to Force Everyone to Use Proprietary Spyware With DRM
This issue started a few hours ago
Microsoft's Grip on Armenia is Slipping, According to New Data From statCounter
Notice what happened to Windows - an all-time low
[Meme] Sloppy Plagiarism Full of Errors, Lacking Actual Comprehension
LLMs are not "AI"
More LLM Spam/Slop About LLM Spam/Slop
This is what the Web will become unless we expose those who contribute to the problem
Reforming Versus Rebooting Versus Destroying Institutions
At the moment we strive to expose the truth or shine light on pertinent facts
Microsoft's Windows is Pretty Much Dead in Haiti
Android has eaten Microsoft's lunch, Microsoft can't even eat crow
[Teaser] EPO Management Thinks Inflation in Europe is 0.2% Per Annum
Taming inflation by entirely ignoring it is like wrongly assuming that climate change (caused by human activity) can be overcome by not studying the effect of 8+ billion humans on this finite planet
Corporate Media Will Be Discarded and Eventually Die If It Keeps Doing "Bill Gates Sez" (or Similar) Pieces Instead of Journalism
"Superintelligence" does not even mean anything!
This Week We Focus Again on European Patent Office (EPO) Scandals
Nothing can stop us, not even a party or SLAPP
Links 09/12/2024: Health Care Anger and Power Vacuum in Syria
Links for the day
Links 09/12/2024: Burned, Uncertain Future, and Failure
Links for the day
Links 09/12/2024: UnitedHealthcare C.E.O.'s Killer Still Unknown, Syrian Regime Change Completed
Links for the day
Microsoft: Target the Young (Get 'Em While They're Young)
Then they say Free software advocates are "extremists" and "rude"...
As of December 8th (23 Days Remaining), the FSF (Free Software Foundation, Inc.) Already a Third of the Way Toward Ambitious Funding Goal
FSF's memberships (or donations) drive is going a lot better than we anticipated
Why Mike Magee Created and Was Involved in So Many News Sites About Technology
British legend
Tunisia is Android, Windows is Waning There
Windows was measured below 20% in Tunisia
[Meme] Jeff Bezos Working From Home
"B**** please, publish articles in Washington Post about how working from home sucks"
'Remote' (From Home) Tech Workers Are More Productive for a Lot of Reasons
The Bezos-owned media should disclose its conflict of interest here
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 08, 2024
IRC logs for Sunday, December 08, 2024
No Wonder Microsoft's LinkedIn and Github Have So Many Layoffs, Permanent Office Closures
Traffic down, losses, probably never going to profit
Microsoft Ends Support for Vista 10, So Relative Share of Vista 10 Goes Up, Vista 11 is Down
For 2 months in a row already
When Python is Basically Run by a 'Microsoft-Friendly' Mole Who Ousts People That Actually Contributed a Lot to Python for Many Years
Removing some of the best people
Microsoft's Latest 'Novel' Approach, Trying to Prevent People Moving Away From Microsoft and From Windows
ads say a lot about their business strategy
Syria: Microsoft Windows Down to 8% "Market Share" (It Was 99% Just 15 Years Ago)
it was even measured at less than 5% earlier this year
Microsoft-sponsored "The New Stack" Publishing Microsoft Windows Articles in "Linux" Clothing
Just sayin'...
Links 08/12/2024: Boeing Leaks and Bluesky’s Business Model Dilemma
Links for the day
Gemini Links 08/12/2024: UK Winds and Ultraviolet Grasslands (UVG)
Links for the day
Links 08/12/2024: Conflicts, Misinformation, and Gutting of the Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 07, 2024
IRC logs for Saturday, December 07, 2024